explain xkcd - User contributions [en]

Talk:1247: The Mother of All Suspicious Files

2013-08-06T12:01:42Z

Tarmakkkk:

LNK and ZDA...Link and Zelda? [[Special:Contributions/76.64.65.200|76.64.65.200]] 13:43, 5 August 2013 (UTC)

http://www.ip-tracker.org/locator/ip-lookup.php?ip=65.222.202.53, some place in the USA. Looks random, but still... - Actually this IP hosted some javascript that exploited some FF17 weaknesses on Windows NT during the last LEA TOR raid.

The IP address 65.222.202.53 geolocates to a Starbucks just outside the beltway in Washington. DC.

Someone mentioned you see the word Hackers as well as a pirated movie... In fact the pirated movie is the 1995 movie named Hackers. Edited it to make the reference clear.{{unsigned|Sonofaresiii}}

I am missing DMG or other "Mac" suspect executable{{unsigned|145.64.134.242}}

WRBT.OBJ.O.H WhiteRabbit.obj from Jurassic Park. Not sure about the O.H [[User:Andym|Andym]] ([[User talk:Andym|talk]]) 14:56, 5 August 2013 (UTC)

Fixed .O.H - these are file extensions with C compilers and C headers, respectively.[[User:blackhatm|BlackHatm]]

.tar.gz stands for tarred and gzipped (archive) files; here .co. was introduced to make it look like a domain name
.obj can also be a http://en.wikipedia.org/wiki/Relocatable_Object_Module_Format
cia-bin is a play on cgi-bin Sebastian --[[Special:Contributions/178.26.118.249|178.26.118.249]] 15:06, 5 August 2013 (UTC)

After the reference to the FBI in the (currently) final paragraph I was thinking of adding something like the following:
:This would also 'explain' the initial directory structure of "/PUB/CIA-BIN/ETC", something like an FTP /pub/ directory for publicly open files, and conflating the CIA with /cgi-bin/ as a somewhat common location for {{w|Common Gateway Interface|dynamic web-pages}}, then /etc/ which is another Linux/Unix directory reference, strangely stored underneath a doubley-referenced 'tilde' directory, what with ~foo as the root directory generally redirecting to the home directory for user "foo". These are all usually lower-case (and case-sensitive), but if the INIT.DLL has anthing to do with it it might mean it's an uppercase-dominated and yet actually case-insensitive Windows-based system, with that Windows Dynamically Linked Library as a dynamic responder.
...but I've rushed that and it looks messy/may have errors in it, so feel free to clean it up if it inspires you. Or not... [[Special:Contributions/178.98.215.19|178.98.215.19]] 16:34, 5 August 2013 (UTC)

I think [SCR] actually refers to a screener.{{unsigned|83.160.118.125}}

> Agreed. The capitalization and brackets are the standard formatting in pirated movie titles, and before a movie release, Screeners (much better quality than theater cams) are excellent bait on fake downloads. Updated in the wiki. [[User:Daemonf|Daemonf]] ([[User talk:Daemonf|talk]]) 23:09, 5 August 2013 (UTC)

Of course, if the user is on Windows, the only extension that matters is the last one which is ".exe" - an executable. [[User:Hax|Hax]] ([[User talk:Hax|talk]]) 16:43, 5 August 2013 (UTC)

I edited the line on the 'save' button being greyed out. This doesn't change with HTTPS, but is instead a modern browser feature preventing a user from agreeing indiscriminately or with a mistaken click. I hope I didn't step on anybody's toes. [[Special:Contributions/72.29.184.195|72.29.184.195]] 00:12, 6 August 2013 (UTC)
:That's incorrect, the web server can identify if it's a secure connection or not and render the content of the page depending on this.--[[User:Dgbrt|Dgbrt]] ([[User talk:Dgbrt|talk]]) 06:48, 6 August 2013 (UTC)

What is the joke?That the prescence of a huge number of extensions makes this file extremely suspicious?And the punch is that he is suggesting a secure connection to download this file?--[[Special:Contributions/117.194.199.185|117.194.199.185]] 01:24, 6 August 2013 (UTC)

"...CO - looks like a top-level domain. Many countries use .co.tld in front of their main TLD, e.g. .co.uk...." Aha! I always thought co.uk meant "Cornwall, United Kingdom." And I couldn't figure out why all their domains were mediated through Cornwall. Every day, I meet a new opportunity to feel clueless...{{unsigned|24.79.13.247}}

1247: The Mother of All Suspicious Files

2013-08-06T11:59:39Z

Tarmakkkk: /* Explanation */

{{comic
| number = 1247
| date = August 5, 2013
| title = The Mother of All Suspicious Files
| image = the_mother_of_all_suspicious_files.png
| titletext = Better change the URL to 'https' before downloading.
}}

==Explanation==
The save dialogue shows a download from [http://www.utrace.de/?query=65.222.202.53 65.222.202.53], an IP adress that hosted javascript malware during a recent attack on the TOR anonymity network, with a very long file title. Many of the extensions used inside there indicate executable code. You also see common download syntax for a pirated movie, {{w|Hackers (film)|Hackers}}, likely included to appear malicious to anyone skimming but is actually a movie about hackers, making it a benign reference rather than malicious.

The {{w|URL}} contains the path "~tilde/pub/cia-bin/etc". The first part is a public folder of a user named tilde (which is also the name for the ~ symbol), "cgi-bin" is a common folder on a Web-Server for server side executables ([[Randall]] jokes with the name), and "etc" is a standard folder for configuration files - normally never accessible through a webserver. The program "init.dll" isn't executable at all, it's a {{w|Windows Dynamic Link Library}} which can't be run standalone, and is rarely referenced in URLs (even though such syntax is still being employed, even on [https://www.google.com/search?q=site:edu+filetype:dll reputable websites]). The question mark indicates the start of a parameter list, in this case we have only one named "FILE".

Note that the username "tilde" is the name of the ~ symbol.

The "Save" button is disabled, you still only can click the "Cancel" button. Many browsers(Internet Explorer and Firefox) will leave "Save" greyed out for a small period of time to force you to review the prompt, and prevent accidentally clicking a download popped up without direct request, but usually only a couple of seconds. The fact it is greyed out may indicate the user may still make a flash decision on this nearly indecipherable download.

The content of the parameter is shown here:
* __ (underscore underscore) - used in the C programming language to denote that a symbol is really not for public consumption
* {{w|AUTOEXEC.BAT}} - a file which is automatically run during startup on Windows/DOS operating systems.
* MY%20OSX%20DOCUMENTS - referencing the {{w|OSX}} operating system ({{w|URL_encoding#Character_data|%20}} is a representation of a space in a URL, i.e. it reads as "MY OSX DOCUMENTS").
* INSTALL.EXE - a typical {{w|Installer#Installer|installer}}
* {{w|RAR}} - a compressed archive file type
* {{w|INI_file|INI}} - a configuration file type
* {{w|Tar_(computing)|TAR}} - a file archive popular in UNIX and UNIX-like operating systems. TAR has been mentioned [[1168:_tar|before]].
* DOÇX - {{w|docx}} is an Office Open XML file, i.e. a word processing format used by Microsoft Word 2007 and above, but has no cedilla (¸)
* PHPHPHP - a play on {{w|PHP}} files, a kind of server-based web page file type. PHP is a recursive abbreviation ("PHP: Hypertext Preprocessor")
* {{w|XHTML}} - another web page file type
* TML - stands for Transducer Markup Language, an XML based markup language that specifies how to capture, time-tag and describe sensor data
* XTL - another play on {{w|XHTML}}?
* TXXT - a play on {{w|Text_file|TXT}} file types
* 0DAY - a reference to a {{w|zero-day exploit}}
* HACK.ERS_(1995)_BLURAY_CAM-XVID - a reference to the 1995 Hackers movie, but pirated movies would either be a BlurayRIP/DVDRIP or CAM, but not both at the same time unless you used a camera to recored the Blueray movie as it played?
* {{w|EXE}} - an executable file type used by Microsoft Windows
* [SCR] - a tag used by movie pirates to denote a '{{w|Screener}}', the DVD copy of films given to critics prior to theater relase. Usually the highest quality available at this time, rare, and therefor good bait for a virus laden download. "{{w|.scr}}" is also the extension for screen saver files, realy just an exe file with a different extension and one of the classical ways to distribute infected files
* {{w|Lisp (programming language)|LISP}} - programming language
* {{w|Windows_Installer|MSI}} - an installation file used by Microsoft Installer
* {{w|.lnk|LNK}} - an extension used by Microsoft Windows for shortcuts. The extension is normally hidden to the user.
* LNK, ZDA, GNN - references to {{w|Link_(The_Legend_of_Zelda)|Link}}, {{w|Princess_Zelda|Zelda}}, and {{w|Ganon|Ganon}}, important characters from {{w|The_Legend_of_Zelda|The Legend of Zelda}} video game franchise
* {{w|White_Rabbit#Television_and_films|WRBT OBJ}} - A reference to the line of code Dennis Nedry used in {{w|Jurassic Park (film)|Jurassic Park}} to shut down key systems
* {{w|Object_file|O}} - The extension for a linker file, an intermediary created when compiling C code.
* {{w|Header_file|H}} - The file extension of a header file in C code.
* {{w|SWF}} - Shockwave Flash file type
* {{w|Dpkg|DPKG}} - The Debian package management, although the package files use the file suffix ".deb"
* APP - an application on Mac OS X operating system
* {{w|ZIP_%28file_format%29|ZIP}} - compressed archive file type
* CO - looks like a {{w|List_of_Internet_top-level_domains|top-level domain}}. Many countries use .co.''tld'' in front of their main TLD, e.g. ''.co.uk''. ''.co.gz'' doesn't exist.
* {{w|Gzip|GZ}} - a compressed file using GNU zip
* {{w|A.out|A.OUT}} - Default filename when creating an executable on Linux or other UNIX-like operating systems if none was specified for the compiler.

The title text suggests changing from http to https, as if encrypting a suspicious file before downloading it is somehow better than downloading it unencrypted. http (Hyper Text Transfer Protocol) and https (Hyper Text Transfer Protocol - Secure) are the two common protocols for getting web pages and web downloads. http is the simple download, whereas https adds an SSL encryption layer so the item being downloaded cannot be viewed unencrypted by anyone except the end recipient. Changing "http" to "https" is a common suggestion to improve security when browsing the web from an insecure network (such as a public wifi hotspot) to avoid surveillance or hijacking to a malicious website; Google automatically switches to https for all mail accounts and is starting to do so with searches. The end recipient will still get whatever nasties were in the original, however - encrypting it doesn't change the content at all.

The IP address referenced in the comic, 65.222.202.53, is currently being used by the shellcode of a Javascript 0-day exploit for the Tor Browser Bundle being run by the FBI to phone home over the clearnet and de-anonymize visitors to websites on Freedom Hosting that are serving child pornography. [http://www.reddit.com/r/onions/comments/1jmrta/founder_of_the_freedom_hosting_arrested_held/]

==Transcript==
:[A save dialogue popup with an alert sign.]
:Warning!
:This type of file can harm your computer! Are your sure you want to download: <nowiki>http://65.222.202.53/~TILDE/PUB/CIA-BIN/ETC/INIT.DLL?FILE=__AUTOEXEC.BAT.MY%20OSX%20DOCUMENTS-INSTALL.EXE.RAR.INI.TAR.DOÇX.PHPHPHP.XHTML.TML.XTL.TXXT.0DAY.HACK.ERS_(1995)_BLURAY_CAM-XVID.EXE.TAR.[SCR].LISP.MSI.LNK.ZDA.GNN.WRBT.OBJ.O.H.SWF.DPKG.APP.ZIP.TAR.TAR.CO.GZ.A.OUT.EXE</nowiki>

:[Two buttons:]
:Cancel Save

{{comic discussion}}
[[Category:Comics with color]]
[[Category:Computers]]

1247: The Mother of All Suspicious Files

2013-08-06T11:56:37Z

Tarmakkkk: /* Explanation */

{{comic
| number = 1247
| date = August 5, 2013
| title = The Mother of All Suspicious Files
| image = the_mother_of_all_suspicious_files.png
| titletext = Better change the URL to 'https' before downloading.
}}

==Explanation==
The save dialogue shows a download from [http://www.utrace.de/?query=65.222.202.53 65.222.202.53], a URL related to an attack on the TOR network by law enforcement with a very long file title. Many of the extensions used inside there indicate executable code. You also see common download syntax for a pirated movie, {{w|Hackers (film)|Hackers}}, likely included to appear malicious to anyone skimming but is actually a movie about hackers, making it a benign reference rather than malicious.

The {{w|URL}} contains the path "~tilde/pub/cia-bin/etc". The first part is a public folder of a user named tilde (which is also the name for the ~ symbol), "cgi-bin" is a common folder on a Web-Server for server side executables ([[Randall]] jokes with the name), and "etc" is a standard folder for configuration files - normally never accessible through a webserver. The program "init.dll" isn't executable at all, it's a {{w|Windows Dynamic Link Library}} which can't be run standalone, and is rarely referenced in URLs (even though such syntax is still being employed, even on [https://www.google.com/search?q=site:edu+filetype:dll reputable websites]). The question mark indicates the start of a parameter list, in this case we have only one named "FILE".

Note that the username "tilde" is the name of the ~ symbol.

The "Save" button is disabled, you still only can click the "Cancel" button. Many browsers(Internet Explorer and Firefox) will leave "Save" greyed out for a small period of time to force you to review the prompt, and prevent accidentally clicking a download popped up without direct request, but usually only a couple of seconds. The fact it is greyed out may indicate the user may still make a flash decision on this nearly indecipherable download.

The content of the parameter is shown here:
* __ (underscore underscore) - used in the C programming language to denote that a symbol is really not for public consumption
* {{w|AUTOEXEC.BAT}} - a file which is automatically run during startup on Windows/DOS operating systems.
* MY%20OSX%20DOCUMENTS - referencing the {{w|OSX}} operating system ({{w|URL_encoding#Character_data|%20}} is a representation of a space in a URL, i.e. it reads as "MY OSX DOCUMENTS").
* INSTALL.EXE - a typical {{w|Installer#Installer|installer}}
* {{w|RAR}} - a compressed archive file type
* {{w|INI_file|INI}} - a configuration file type
* {{w|Tar_(computing)|TAR}} - a file archive popular in UNIX and UNIX-like operating systems. TAR has been mentioned [[1168:_tar|before]].
* DOÇX - {{w|docx}} is an Office Open XML file, i.e. a word processing format used by Microsoft Word 2007 and above, but has no cedilla (¸)
* PHPHPHP - a play on {{w|PHP}} files, a kind of server-based web page file type. PHP is a recursive abbreviation ("PHP: Hypertext Preprocessor")
* {{w|XHTML}} - another web page file type
* TML - stands for Transducer Markup Language, an XML based markup language that specifies how to capture, time-tag and describe sensor data
* XTL - another play on {{w|XHTML}}?
* TXXT - a play on {{w|Text_file|TXT}} file types
* 0DAY - a reference to a {{w|zero-day exploit}}
* HACK.ERS_(1995)_BLURAY_CAM-XVID - a reference to the 1995 Hackers movie, but pirated movies would either be a BlurayRIP/DVDRIP or CAM, but not both at the same time unless you used a camera to recored the Blueray movie as it played?
* {{w|EXE}} - an executable file type used by Microsoft Windows
* [SCR] - a tag used by movie pirates to denote a '{{w|Screener}}', the DVD copy of films given to critics prior to theater relase. Usually the highest quality available at this time, rare, and therefor good bait for a virus laden download. "{{w|.scr}}" is also the extension for screen saver files, realy just an exe file with a different extension and one of the classical ways to distribute infected files
* {{w|Lisp (programming language)|LISP}} - programming language
* {{w|Windows_Installer|MSI}} - an installation file used by Microsoft Installer
* {{w|.lnk|LNK}} - an extension used by Microsoft Windows for shortcuts. The extension is normally hidden to the user.
* LNK, ZDA, GNN - references to {{w|Link_(The_Legend_of_Zelda)|Link}}, {{w|Princess_Zelda|Zelda}}, and {{w|Ganon|Ganon}}, important characters from {{w|The_Legend_of_Zelda|The Legend of Zelda}} video game franchise
* {{w|White_Rabbit#Television_and_films|WRBT OBJ}} - A reference to the line of code Dennis Nedry used in {{w|Jurassic Park (film)|Jurassic Park}} to shut down key systems
* {{w|Object_file|O}} - The extension for a linker file, an intermediary created when compiling C code.
* {{w|Header_file|H}} - The file extension of a header file in C code.
* {{w|SWF}} - Shockwave Flash file type
* {{w|Dpkg|DPKG}} - The Debian package management, although the package files use the file suffix ".deb"
* APP - an application on Mac OS X operating system
* {{w|ZIP_%28file_format%29|ZIP}} - compressed archive file type
* CO - looks like a {{w|List_of_Internet_top-level_domains|top-level domain}}. Many countries use .co.''tld'' in front of their main TLD, e.g. ''.co.uk''. ''.co.gz'' doesn't exist.
* {{w|Gzip|GZ}} - a compressed file using GNU zip
* {{w|A.out|A.OUT}} - Default filename when creating an executable on Linux or other UNIX-like operating systems if none was specified for the compiler.

The title text suggests changing from http to https, as if encrypting a suspicious file before downloading it is somehow better than downloading it unencrypted. http (Hyper Text Transfer Protocol) and https (Hyper Text Transfer Protocol - Secure) are the two common protocols for getting web pages and web downloads. http is the simple download, whereas https adds an SSL encryption layer so the item being downloaded cannot be viewed unencrypted by anyone except the end recipient. Changing "http" to "https" is a common suggestion to improve security when browsing the web from an insecure network (such as a public wifi hotspot) to avoid surveillance or hijacking to a malicious website; Google automatically switches to https for all mail accounts and is starting to do so with searches. The end recipient will still get whatever nasties were in the original, however - encrypting it doesn't change the content at all.

The IP address referenced in the comic, 65.222.202.53, is currently being used by the shellcode of a Javascript 0-day exploit for the Tor Browser Bundle being run by the FBI to phone home over the clearnet and de-anonymize visitors to websites on Freedom Hosting that are serving child pornography. [http://www.reddit.com/r/onions/comments/1jmrta/founder_of_the_freedom_hosting_arrested_held/]

==Transcript==
:[A save dialogue popup with an alert sign.]
:Warning!
:This type of file can harm your computer! Are your sure you want to download: <nowiki>http://65.222.202.53/~TILDE/PUB/CIA-BIN/ETC/INIT.DLL?FILE=__AUTOEXEC.BAT.MY%20OSX%20DOCUMENTS-INSTALL.EXE.RAR.INI.TAR.DOÇX.PHPHPHP.XHTML.TML.XTL.TXXT.0DAY.HACK.ERS_(1995)_BLURAY_CAM-XVID.EXE.TAR.[SCR].LISP.MSI.LNK.ZDA.GNN.WRBT.OBJ.O.H.SWF.DPKG.APP.ZIP.TAR.TAR.CO.GZ.A.OUT.EXE</nowiki>

:[Two buttons:]
:Cancel Save

{{comic discussion}}
[[Category:Comics with color]]
[[Category:Computers]]

1247: The Mother of All Suspicious Files

2013-08-06T11:56:06Z

Tarmakkkk: /* Explanation */

{{comic
| number = 1247
| date = August 5, 2013
| title = The Mother of All Suspicious Files
| image = the_mother_of_all_suspicious_files.png
| titletext = Better change the URL to 'https' before downloading.
}}

==Explanation==
The save dialogue shows a download from [http://www.utrace.de/?query=65.222.202.53 65.222.202.53], a URL related to an attack on CHild Porn related Crime on the TOR network by law enforcement with a very long file title. Many of the extensions used inside there indicate executable code. You also see common download syntax for a pirated movie, {{w|Hackers (film)|Hackers}}, likely included to appear malicious to anyone skimming but is actually a movie about hackers, making it a benign reference rather than malicious.

The {{w|URL}} contains the path "~tilde/pub/cia-bin/etc". The first part is a public folder of a user named tilde (which is also the name for the ~ symbol), "cgi-bin" is a common folder on a Web-Server for server side executables ([[Randall]] jokes with the name), and "etc" is a standard folder for configuration files - normally never accessible through a webserver. The program "init.dll" isn't executable at all, it's a {{w|Windows Dynamic Link Library}} which can't be run standalone, and is rarely referenced in URLs (even though such syntax is still being employed, even on [https://www.google.com/search?q=site:edu+filetype:dll reputable websites]). The question mark indicates the start of a parameter list, in this case we have only one named "FILE".

Note that the username "tilde" is the name of the ~ symbol.

The "Save" button is disabled, you still only can click the "Cancel" button. Many browsers(Internet Explorer and Firefox) will leave "Save" greyed out for a small period of time to force you to review the prompt, and prevent accidentally clicking a download popped up without direct request, but usually only a couple of seconds. The fact it is greyed out may indicate the user may still make a flash decision on this nearly indecipherable download.

The content of the parameter is shown here:
* __ (underscore underscore) - used in the C programming language to denote that a symbol is really not for public consumption
* {{w|AUTOEXEC.BAT}} - a file which is automatically run during startup on Windows/DOS operating systems.
* MY%20OSX%20DOCUMENTS - referencing the {{w|OSX}} operating system ({{w|URL_encoding#Character_data|%20}} is a representation of a space in a URL, i.e. it reads as "MY OSX DOCUMENTS").
* INSTALL.EXE - a typical {{w|Installer#Installer|installer}}
* {{w|RAR}} - a compressed archive file type
* {{w|INI_file|INI}} - a configuration file type
* {{w|Tar_(computing)|TAR}} - a file archive popular in UNIX and UNIX-like operating systems. TAR has been mentioned [[1168:_tar|before]].
* DOÇX - {{w|docx}} is an Office Open XML file, i.e. a word processing format used by Microsoft Word 2007 and above, but has no cedilla (¸)
* PHPHPHP - a play on {{w|PHP}} files, a kind of server-based web page file type. PHP is a recursive abbreviation ("PHP: Hypertext Preprocessor")
* {{w|XHTML}} - another web page file type
* TML - stands for Transducer Markup Language, an XML based markup language that specifies how to capture, time-tag and describe sensor data
* XTL - another play on {{w|XHTML}}?
* TXXT - a play on {{w|Text_file|TXT}} file types
* 0DAY - a reference to a {{w|zero-day exploit}}
* HACK.ERS_(1995)_BLURAY_CAM-XVID - a reference to the 1995 Hackers movie, but pirated movies would either be a BlurayRIP/DVDRIP or CAM, but not both at the same time unless you used a camera to recored the Blueray movie as it played?
* {{w|EXE}} - an executable file type used by Microsoft Windows
* [SCR] - a tag used by movie pirates to denote a '{{w|Screener}}', the DVD copy of films given to critics prior to theater relase. Usually the highest quality available at this time, rare, and therefor good bait for a virus laden download. "{{w|.scr}}" is also the extension for screen saver files, realy just an exe file with a different extension and one of the classical ways to distribute infected files
* {{w|Lisp (programming language)|LISP}} - programming language
* {{w|Windows_Installer|MSI}} - an installation file used by Microsoft Installer
* {{w|.lnk|LNK}} - an extension used by Microsoft Windows for shortcuts. The extension is normally hidden to the user.
* LNK, ZDA, GNN - references to {{w|Link_(The_Legend_of_Zelda)|Link}}, {{w|Princess_Zelda|Zelda}}, and {{w|Ganon|Ganon}}, important characters from {{w|The_Legend_of_Zelda|The Legend of Zelda}} video game franchise
* {{w|White_Rabbit#Television_and_films|WRBT OBJ}} - A reference to the line of code Dennis Nedry used in {{w|Jurassic Park (film)|Jurassic Park}} to shut down key systems
* {{w|Object_file|O}} - The extension for a linker file, an intermediary created when compiling C code.
* {{w|Header_file|H}} - The file extension of a header file in C code.
* {{w|SWF}} - Shockwave Flash file type
* {{w|Dpkg|DPKG}} - The Debian package management, although the package files use the file suffix ".deb"
* APP - an application on Mac OS X operating system
* {{w|ZIP_%28file_format%29|ZIP}} - compressed archive file type
* CO - looks like a {{w|List_of_Internet_top-level_domains|top-level domain}}. Many countries use .co.''tld'' in front of their main TLD, e.g. ''.co.uk''. ''.co.gz'' doesn't exist.
* {{w|Gzip|GZ}} - a compressed file using GNU zip
* {{w|A.out|A.OUT}} - Default filename when creating an executable on Linux or other UNIX-like operating systems if none was specified for the compiler.

The title text suggests changing from http to https, as if encrypting a suspicious file before downloading it is somehow better than downloading it unencrypted. http (Hyper Text Transfer Protocol) and https (Hyper Text Transfer Protocol - Secure) are the two common protocols for getting web pages and web downloads. http is the simple download, whereas https adds an SSL encryption layer so the item being downloaded cannot be viewed unencrypted by anyone except the end recipient. Changing "http" to "https" is a common suggestion to improve security when browsing the web from an insecure network (such as a public wifi hotspot) to avoid surveillance or hijacking to a malicious website; Google automatically switches to https for all mail accounts and is starting to do so with searches. The end recipient will still get whatever nasties were in the original, however - encrypting it doesn't change the content at all.

The IP address referenced in the comic, 65.222.202.53, is currently being used by the shellcode of a Javascript 0-day exploit for the Tor Browser Bundle being run by the FBI to phone home over the clearnet and de-anonymize visitors to websites on Freedom Hosting that are serving child pornography. [http://www.reddit.com/r/onions/comments/1jmrta/founder_of_the_freedom_hosting_arrested_held/]

==Transcript==
:[A save dialogue popup with an alert sign.]
:Warning!
:This type of file can harm your computer! Are your sure you want to download: <nowiki>http://65.222.202.53/~TILDE/PUB/CIA-BIN/ETC/INIT.DLL?FILE=__AUTOEXEC.BAT.MY%20OSX%20DOCUMENTS-INSTALL.EXE.RAR.INI.TAR.DOÇX.PHPHPHP.XHTML.TML.XTL.TXXT.0DAY.HACK.ERS_(1995)_BLURAY_CAM-XVID.EXE.TAR.[SCR].LISP.MSI.LNK.ZDA.GNN.WRBT.OBJ.O.H.SWF.DPKG.APP.ZIP.TAR.TAR.CO.GZ.A.OUT.EXE</nowiki>

:[Two buttons:]
:Cancel Save

{{comic discussion}}
[[Category:Comics with color]]
[[Category:Computers]]