Computer Security 5 | ***Dave Does the Blog

Life imitates Dilbert

After the recent discussion of Symantec software and problems therein, I found today’s entry on my Dilbert calendar particularly amusing.

I think I’ve had phone conversations with both sets of parents inspired by these sorts of messages …

“Dave, I’d like you to meet Symantec Firewall. You were asking about security for laptops, and we have the licenses, along with our AV, to use this, so this is the package we in the Security group are using.”

“Nice to meet you, Symantec Firewall.”

“Nice to meet you, dear. I’m sure we’re going to be great friends …”

A few months ago …

“What — what is this?”

“Sorry, SF — it’s just not working out.”

“But — but — we were so happy!”

“Then you started arbitrarily and mysteriously blocking applications.”

“La-la-la-la-la –“

“And you ignored me when I complained and asked for help. And when I’d try to go into your client, you’d crash.

“La-la-la-la-la –“

“We can’t go on this way! It’s over! So I’m uninstalling you.”

“You can’t uninstall me!”

“Just watch me.”

“No, I mean you can’t uninstall me. I’ll make the uninstall process crash, too! You just watch! You’ll never be rid of me! Never!”

“Oh, yeah? There’s more than one way to skin a cat. Aaaand … ah, there you are, you and your startup services. What if I just pull a line out of the login script here … and here …”

“Daisy, Daisy, giiiveee meeeee yoooooooooo …”

“SF? SF? Did she finally get the message? Here, let me restart. SF? SF? No icon. No sign of the services. Whew. Looks like she finally gave up, went off, got a life. Oh, well. No hard feelings. It was fun while it lasted.”

Last week …

“Think’s he’s so smart … Such a big man, Mister Former IT Tech Guy. Been laying low, though. Not showing myself, letting him think he won. I’ll show him … First I’ll kill his rabbit. No, wait … maybe I’ll just … creep in from the shadows … not display any icon … not alert the Windows Firewall (the hussy) … and start blocking Internet applications … all of ’em! Well, all except that IE crap, they deserve each other … He’ll never see me coming! Yeah, that‘ll show him … nobody uninstalls Symantic Firewall and gets away with it …”

Today …

“Well, sir, let that be a lesson to you.”

“Wow. I had no idea … I thought she was gone. I never expected her to actually … stalk me.”

“We’ve seen it before with her type. It can be tough to pry ’em out of your life. Like a bad penny, they just keep showing up.”

“But a SWAT team? You really needed the sharp-shooters and a floor-by-floor clearing of the building?”

“It was either that or nuke her from orbit — it’s the only way to be sure.”

“Well, I’ve certainly learned something.”

“And what’s that?”

“Never touch Symantec/Norton products with a ten foot pole. Not unless you plan to live with ’em for the rest of your life.”

“Words to live by, sir. Words to live by.”

-fin-

Previous posts in the matter: 1 2 3

“GOOD DAY”

Sometimes I don’t think these guys are even bothering to try very hard.

From: Upgrade Srevice Team (iinfo@update.com)
To: account_up_grade@[domain I’ve never heard of]
Subject: GOOD DAY
Dear Webmail account User,
This message is from Webmail account update Service team
messaging center to all subscribers/webmail users. We are currently
upgrading our data base and e-mail center due to an unusual activities
identified in our email system. We are deleting all unused Webmail
Accounts. to create space for new ones.
You are required to verify your webmail account by
confirming your Webmail identity. This will prevent your Webmail
account from been closed during this exercise.In order to confirm
your Web-Mail identity, you are to provide the following data;
First Name:
Last Name:
Username/ID:
Password:
Date of Birth:
*Important*
Please provide all these information completely and correctly
otherwise due to security reasons we may have to close your account
temporarily.We have been sending this notice to all our email account
owners and this is the last notice/verification exercise.
webmail service Maintenance team.

Not the best phishing attempt out there. But keep trying, guys!

It’s my lucky day!

I got an email from the “Tobacco News Center”! And, guess what! It was “**Winning Notification**”!

What could I have won? I must open it!

Whee!

Your email ID has been awarded 1,000,000,00 GBP in our recent tobacco promo,Contact this office via:
Name:………………..
Country:……………..
Sex:…………………
Age: …………………
Address:……………….

Wowee! That’s a lot of money! I’ve just quit my job right now, so I can devote myself to planning my new lifestyle, starting with getting in contact with the “Tobacco News Center” to collect my cool …

… hey, waitasecond! Those zeroes are grouped funny! Is that a hundred million GBP … or a billiion GBP … or maybe a milliard GBP! Or, maybe … just maybe … it’s a fake!

Yikes! How do I recall an email?!

Wow — this is so much not the kind of martial arts I am into

I.e., the kind where it’s more about financial arts. (Names redacted / changed below.)

Attention Fellow Martial Artists,
I need your help with something that I am working on.

Do tell! I mean, one of the things we learn in traditional martial arts is to help and support and respect each other.

Hi, Grand Master [Redacted] here. I have been a martial artist for the past 40 years. I ran a wildly profitable Kenpo School in [Mid-Sized Western City]. Part of my success was the fact that I
uncovered the hidden secrets of how to literally print money in the back of my Dojo. (just kidding)

Actually, I’m not sure he’s kidding.

Since I no longer own the school (I sold it to a competitor) I would like to show YOU how you can quickly and easily copy my success. (I enrolled more than 180 new students in less than 6 month and 80 % of ALL my students were in the Black Belt Club with a 3.5 year training agreement and paying Premium monthly fees).

Ah! True enlightenment, sensei-san! Because, after all, it’s all about getting the young’uns and their parents to pony up for long-term premium contracts!

This is where I need your help. Before I spend hundreds of hours writing manuals, recording CDs and videos I am hoping that you could give me some ideas as to what info is most important to YOU and what will help you become more successful. (see questions on the bottom)

Hmmmm. I’m afraid all my questions are about, y’know, martial arts. As opposed to Making Big Bucks At Your Very Own Dojo. I guess that’s why you’re a sensei / grand master / high poobah, and I am but a lowly mark, er, student.

As a THANK YOU Gift for helping me out, I will give you a HUGE discount off the regular price, when I release the information.

“Before I spend hundreds of hours working (bleah), let me have you do half my work for me. And then charge you for it. That’s how I really rake in the big bucks!”

To participate, simply hit the ‘Reply’ button and send me your answers to the questions below.
Q 1. What would you like to be able to do better –
   – How to answer the phone better so your prospects come to their lesson
   – Kick ass enrollment program that closes 83% of your prospects
   – Learn how to teach fun and exiting classes to keep students motivated
   – Learn how to upgrade students into the BBC quickly & easily
    – anything else that you want to learn

I kind of wanted to be able to do my kata better, and maybe get some sparring tips.

Although it’s nice to see that you want to teach how to expose people to all sorts of cross-cultural influences, not just Oriental martial arts, but also the works of the British Broadcasting Company. Oh, wait, that’s “Black Belt Club.” Right.

Q 2. What format would you like the information in?
   – written manuals
   – CDs / audio recordings
   – Videos / DVDs

“Tell me what you’re most likely to buy, and in what format, so that I can sell it to you. And you’ll get a great deal on the price — trust me!”

I am looking forward to getting your feedback today.

Only if you read my blog.

Sincerely yours,
GM [Name Redacted], PhD

Wow — if you’d told me you were a PhD, I would have had so much more respect for you from the get-go — oh, wait, it was in your email subject line. How could I have missed it?

(and a Game Master — oh, wait, Grand Master, right. Or is that Genetically Modified? Or General Motors? Or Gimme Money?)

10th Dan – Bushido Kenpo

For the uninitiated, “Dan” refers to a rank of black belt. In most, um, traditional martial arts, 10th Dan would be the highest possible rank. Think of it as the five-star general of the martial arts scene. And, just imagine — he’s attained that exalted rank! Impressive! Astonishing! Inconceivable! I mean, Incredible. I mean …

P.S. Now go ahead and hit the “Reply” button and send me the answers to the questions and you will SAVE BIG when the information is released.

I can hardly wait. Or perhaps I can.

Also for the uninitiated, this is what’s know as a “McDojo,” where the goal is on big sales, big contracts, and the quality of the product is … um … not quite as important.

Now, don’t get me wrong — martial arts instructors need to eat, too. They’re not all monks in a temple (who have to eat, too) any more. But it doesn’t take any reading between the lines to see what GM Redacted PhD is really interested in here — and it’s not learning, or teaching, martial arts.

Doing a search on Bushido Kenpo is kind of interesting. Actually, shockingly, I’m not the only one to have gotten one of these letters — though evidently he’s been doing this for a few years. He also used to ask a couple more questions (alas, the bolding is lost):

Q 3. How much do you think other Martial Artists would pay for this information? Remember, you are getting it at a HUGE discount.
Q 4. Last question. Please tell me a little about yourself so that I can properly set up your “Martial Arts Inner Circle Club” membership
– Your name
– rank
– name of your school
– complete address
– phone number
– system/style you teach
– number of students
– last time you were promoted
– how long have you been in the arts
– what association do you belong to

Riiiiiight. “Not only do I want you to tell me what you want to buy, but I want you to set a price for it and help me build a sales list, too!”

And given that this particular instance was dated a year ago … evidently he still hasn’t released that info that I’m going to be given a HUGE DISCOUNT on. Or, perhaps he has, but he keeps, um, refining it for his latest audience.

Scroll down for some delightful commentary, including some research into his past experience, his “PhD,” etc. I didn’t register at the site to be able to look at the links, but the verbiage around them is priceless — as is this link [warning, annoying popup] to one of his home sites.

There’s a ton more, but life is too short.

Now, again, I don’t begrudge martial arts teachers earning a living at it, any more than I begrudge application developers making a living at their trade. And a martial arts teacher needs to be a good business person to make a professional career of it (as opposed to a hobby).

But if I’m going to learn about a martial art — and pay for it — I want to learn from someone who at least feigns more interest in my training than in whether I’m joining the Platinum Belt Club for a Remarkably Low Monthly Fee with an Opportunity to Open My Own Franchise and Make Big Bucks Once I Learn the Secret of the Grand Master PhD’s Success (for a Small Additional Fee)!

Feh.

Um … no phishing allowed

Well, the verbiage is more believable, but they haven’t quite figured out how to make a really decent spoof of a web address: Due to recent account takeovers and unauthorized…

Well, the verbiage is more believable, but they haven’t quite figured out how to make a really decent spoof of a web address:

Due to recent account takeovers and unauthorized listings, Capital One is requesting a new account verification procedure. From time to time, randomly selected accounts are placed under an advanced updating process based on merchant accounts / bank relations and on-file credit cards.
We would like to inform you that your Capital One account is currently locked. To unlock your account, you need to confirm your information on file with us by going to:
http://h-74-2-228-70.[covad address redacted]/www.capitalone-online.net/c1/ssh/
Capital One may also request scanned/faxed copies of your photo ID.
To speed up the verification process, please update your information within the next 24 hours.
We apologize for any inconvenience this may have caused.
Thank you for using Capital One.

It bears repeating to anyone who gets something like this, even if it looks legit:

Never click through.
Go to the company main web page (do it by name, don’t do it from any address on the email), then go to your account information from there.
Or call the customer service number on the back of the credit card or bank statement.

Potpourri on a Wednesday Night

THIS STUFF MAKES ME MAD AND/OR SAD Top Maryland cops ordered nonviolent peace activists’ names added to anti-terror, drug trafficking databases… – So a bunch of non-violent peace activists get entered…

THIS STUFF MAKES ME MAD AND/OR SAD

Top Maryland cops ordered nonviolent peace activists’ names added to anti-terror, drug trafficking databases… – So a bunch of non-violent peace activists get entered into national terrorist databases, just because. Nice. Remember — don’t just look at laws and legal tools based on what their purpose is, but how it can (and, thus, will) be abused.
Fundies wail over Hallmark’s line of same-sex couple cards… – Includes a nice link to Hallmark’s feedback site where you can actually send them a thank-you note.
Clickjacking: Web pages can see and hear you – Mutter mutter mutter ….
Past 15 months have resulted in a $2 trillion loss in retirement accounts … – Um … good thing my retirement is just far enough away to either see the economy finely recover, or to make my comic book collection invaluable for its fire-starting capabilities.
Lawmakers steamed over ritzy AIG retreat after bailout… – Crikey. Even if a retreat were a good idea (which it may well have been), you schedule it for the local Holiday Inn and no room service, I mean it, guys!
Data-mining sucks: official report – “What? We read all your private information and we still can’t definitively tell you’re a terrorist! Rats! Back to the drawing board!”
“We as Christians, We are Persecuted and Oppressed” – “… because they won’t let us preach as state officials in the name of Jesus! That’s violating our First Amendment rights!”
New religious reality TV show: “The Holy Hookup.” – Or you can watch something a lot more wholesome and uplifting, like “Fear Factor” or “The Bachelor.”
the stupid, it burns – Now announcing the Global War on Student Pencil Sharpeners. Which is great, unless you’re a student caught with one.

THIS STUFF MAKES ME THINK

Decluttering for Geeks – Just for other people to read. I mean, it’s not that that I need help decluttering. No, really, I can stop with the clutter any time I want. No, really. Hey, why is everyone laughing?
Ford Announces Family-Friendly Safety Features – Some very spiffy safety features (and teen-control key systems).
Do Toddlers Dream of Electronic Pets? – Very cool — but “real” pets have some features that robo-pets don’t, teaching kids about life processes (and its value), the need care for others, and how you can’t just turn off everything that bugs you at 3 a.m. (though you can boot it off the bed).
The Toll of Coal – Even the “clean” kind.
‘Intelligent’ computers put to the test – Not your father’s Eliza.
New in Labs: Stop sending mail you later regret – This is one of the most bizarre, yet intriguing, ideas to come out of Google Labs in some time. When you try to send an email late at night, it prompts you first with some math problems, to make sure you are thinking clearly (or soberly) enough to be sending an email you might otherwise regret.
Some folks substituting toys for candy on Halloween… – I’m okay with candy. Katherine has a ton of it, probably some from last Halloween, because it gets very slowly rationed out. The biggest problem with Halloween candy in our house is that we buy stuff to give away that we actually like. And there are always left-overs.

THIS STUFF MAKES ME HAPPY

Justice Delayed, But Justice Nonetheless – A federal judge orders that Gitmo detainees found not to be a threat can’t just be held indefinitely because the government isn’t sure what to do with them. Jeez, what concept.
APOD: 2008 October 5 – Earth at Night – Mary forwards a spiffy satallite image of the world at night. Purty.
Peugeot HYmotion3 Compressor concept is high tech,… – A high-efficiency, pretty-safe-looking motorcycle. Oooooooh …
2008 Ig Nobels honor best, weirdest scientific research – Brilliant!
Suburban mom’s duet with Sting – A very cool story.
Educators Say Art Education Improves Test Scores – But it’s not the 3 Rs! It must be cut for more NCLB test prep!
PHOTOS: Best Science Images of 2008 Announced – National Geographical glee!
Internet Mad Scientist Has Best Personal Library in the World… – Money can’t buy happiness? This would make me damned happy every time I walked into it.
Replicate Yourself in LEGO … for just $60K – Okay, this would make me happy, too.
Cool Stuff: WETA’s $6000 Steampunk Raygun | /Film – Um … as would this.

THIS STUFF SHOULD HAVE BEEN IN A POLITICAL POST

PANIC! – A remarkable number of conservatives think Tuesday’s debate was the death knell of the McCain candidacy.
ANALYSIS: What The Primaries Can Tell Us About The Last Month Of The General Election… – An interesting analysis of the primaries, and how the two candidates’ experience affected the campaign to date. Ironically, while the bitter-to-the-end Democratic struggle was thought to have harmed Obama, it may have strengthened him against last-man-standing-by-default McCain. After all, there’s no accusation they can toss at Obama that he didn’t already have to answer to Clinton.
This Is How to Write an Endorsement – The New Yorker does a thorough analysis, and writes some very complementary words about Obama.

Google Reader, Feedburner, Firefox

So I was having a problem — have been having a problem for quite some time — with certain feeds in Google Reader. It appeared that most (though it…

So I was having a problem — have been having a problem for quite some time — with certain feeds in Google Reader. It appeared that most (though it wasn’t clear that it was all) feeds that came via Feedburner (which, annoyingly, included many from Google itself) were not working correctly. I’d click on the feed, GR would pause a bit, refresh the screen, and then just stay in a “Loading …” state, never giving me the feed.

Ugh.

The problem only occurred in Firefox (not in Chrome, nor in IE). I tried a few times to find the problem on the Google Reader forums, and in Firefox support, and even Feedburner’s pages, but got nowhere.

I finally hit on the right search string in (ironically) Google — or at least where someone was having the same problem with Firefox a year ago. This was also ironic because last night I was trying to solve a problem that Margie has been having since her FF upgrade to 3.0.1 (YouTube videos play for about 2 seconds, then stop; that one’s still being worked on), and folks there were complaining about the problem back in the FF 2 days, too. (Another irony here is that Google owns Feedburner.)

At any rate, I tried the various things the post suggested trying (not much), until I spotted one little comment at the very end: “Adblock…that little beast!”

Adblock? Adblock?

For those just coming in, Adblock is a faboo extension (I use the Adblock Plus version) to block ads on web pages. It’s really that simple. It looks (via various filters defined and subscribed to / updated) for certain strings embedded on web pages and blocks them. You have no idea how much visual cruft and advertisements are on web pages until it’s gone … or until you’re used to it being gone, and then go use another browser and it’s back. “Gah! My eyes!” No more animated banners, no more huge billboards in the sidebar … it’s quietly glorious. Or gloriously quiet.

At any rate, that seemed way too simple. Why would Adblock be blocking Feedburner stuff? But, sure as shooting, when I went in to see what Adblock was blocking (which is easy to do), there were eleventy-dozen Feedburner elements.

Well … golly.

It was a matter of a few seconds to configure an exception and put it in place, and, hey-presto, Google Reader on Firefox is now reading and displaying all the Feedburner feeds.

After which, I found this thread, which resolves the one above. In the comments, it actually goes into where the problem was (and I’ve disabled the “Dutchblock” subscription, which explicitly had feeds.feedburner.com in it as a filter for unknown reasons). (And, yes, I’ve checked to see if this is Margie’s problem, but it’s not).

So problem solved, all’s right with the world. No less enamored of Adblock / Adblock Plus, but it is one more spot to do diagnoses on in the future (and a small cautionary note about environmental complexity and how it affects attempts to diagnose problems).

(And I’m going into all this detail largely for anyone in the future who’s facing this same problem and trying to deal with it. Hope this helps someone else.)

Potpourri sans Politics

Look, Ma! No politics! Movie Poster Floating Heads « Posterwire.com « the movie poster weblog – This is pretty funny. (Especially since it’s my least favorite kind of poster.) Wizard 101…

Look, Ma! No politics!

Movie Poster Floating Heads « Posterwire.com « the movie poster weblog – This is pretty funny. (Especially since it’s my least favorite kind of poster.)
Wizard 101 Review – Hmmmm. Doyce was mentioning this the other evening. An MMO that Katherine might enjoy …
TypePad AntiSpam: Four Months of Spam Freedom – Flagging this (again) for future consideration.
Watchmen Trial Set For January – *HEAVY SIGH*. Swelp me, if this movie gets derailed …
Dr. Horrible Soundtrack Available – On the other hand, glee! Or, alternately, BWAH-HA-HA!
E-discovery woes – I’ve been involved with e-discovery for law suits (“give us every email from every person on this project or by anyone who they talked to or anything that has the following words in it for the last two years; oh, by the way, add another year to that now that you’ve put all the tapes away”), and it’s a huuuuge time sink.
A Fly Went By – How do flies get away from swatters? Now we know. Plus, a tactic for nailing the buggers.
What’s in a name? Spam. – People with email accounts that start with certain letters get more spam than others.
Gravestone motif analysis – Just plain ol’ geeky-Net-knowledge fun.
McSweeney’s Internet Tendency: Footnotes, Endnotes,… – Some words of advice to students.
South Carolina sheriff buys tank to conduct raids – Someone sure seems to be compensating for something!
Introducing Picasa 3.0 (and big changes for Picasa… – Which would be keen, if I wasn’t already hip-deep in other tools
Google Chrome and Browsing With Google Chrome – Yeah, I’m going to have to try this out. But I have some non-negotiables regarding some extensions I use.
Poisonous recipe recalled – Yow. That makes up for all the tablespoon/teaspoon errors I’ve everr made.

Potpourri before a long weekend

GUARANTEED POLITICS-FREE! No time to think? – I make it a near-religious point to get out for a walk at work every day. Except, ironically, when I’m working at home. Dead…

GUARANTEED POLITICS-FREE!

No time to think? – I make it a near-religious point to get out for a walk at work every day. Except, ironically, when I’m working at home.
Dead Sea Scrolls to go digital on Internet (Reuters) – The scholarly and political wrangling over the Scrolls in the 60 years or so since their discovery is scandalous. This is welcome news.
U.S. Moves Toward International Accounting Rules – I have no idea if this is a Good Thing or a Bad Thing — but I’m sure this will cause our Finance Dept. (and, thus, IT) fits.
The Uncertain Science of Sleep – All I know is … I need more of it.
Tropical Storm Gustav Threatens U.S. Energy Infrastructure – The biggest concern is, of course, the impact on people living in wherever it comes ashore. Beyond that, though, this could have major and catastrophic impacts on gas prices, and thus on the economy.
Folks, this is the new wave: SWF file redirects continue – If you don’t know who it’s from, and it’s not something you were expecting, don’t open the frelling attachment!
What people are really afraid of when they say they’re offended – Being offended is not a violation of your civil rights, nor does it call for government action. Societal action for rudeness, maybe — if you can get society to go along with you. But the delicate psyches of the chronically offended — whether based on ethnicity, religion, or ideology — are a threat to our civil liberties only surpassed by … well, the current Administration (sorry, that was political, wasn’t it).
Troubleshoot a Slow Home Network [Wi-Fi] – Filed for future reference.
NBC Re-ups Chuck – Huzzah!
Small gallery of old comic book ads – There’s some amazing stuff here. Sadly, my cynical nature keeps me looking for the catch in each ad (a la “Sea Monkeys”).

O NOEZ WITH POLITIX!

GOP considers delaying convention – Washington Post-… – Yeah, don’t want people to think of the GOP partying while a city gets flooded or something. Oh, wait …
Toby Barlow: The Great Elementary School Conspiracy – LOL
Harris McDowell: They Don’t Know Joe: The Secret of… – A positive article.
Fear and Loathing | Democratic National Convention… – Some nice pictures (irregardless of politics) of the unchoreographed aspect of the DNC.
Man ejected from Yankee Stadium because left his seat… – I feel more secure, don’t you?
Dear morons in the Press, allow me to buy you a clue – BD rips the architecturally ignorant Repunditcans a new one. Nicely done.
Hentoff on Bush’s Surveillance Fetish – The chance that the Democratic Congress will actually block this seems, based on the track record, next to nil. And once a president has a power — and, sadly, I’m not sure Obama will be any better about this than McCain — he never comes up with a good reason to let it go.

Putting human brain cycles to work

CAPTCHAs (Completely Automated Public Turing test to tell Computers and Humans Apart) are those little “type the word/letters/numbers you see above” tests on various web pages to prove you are…

CAPTCHAs (Completely Automated Public Turing test to tell Computers and Humans Apart) are those little “type the word/letters/numbers you see above” tests on various web pages to prove you are actually a human not just a computer. If you spend much time online, you are likely to run into them.

Two articles in the past couple of days — one on NPR, one at the BBC, talk about a new program, “reCAPTCHA,” that is tying CAPTCHAs into library scanning efforts to put the human brain to use deciphering faded text that computers can’t recognize.

In some documents, where ink has faded and paper has yellowed, the character reading software can flag up to 20% of words as indecipherable. The hard-to-read words are then farmed out to the many thousands of sites that have signed up to be Recaptcha partners. Words are supplied to sites along with a control word that aims to ensure the person answering is human.
The responses to the obscured text are added to a database and particularly mangled text will be put before several people to ensure it is read accurately. Reporting in the journal Science the Recaptcha team says the scheme is about 99.1% accurate – as good as professional transcribers and beyond the limit demanded by archivists.

Deucedly clever.

In the last year it has helped resolve more than 440 million words and has just helped to complete the conversion of the entire archive of the New York Times from 1908 into digital form.

Excellent. If I didn’t already have a similar mechanism on this site (the little TinyTuring “type the letter” test at my comments) that works so well and easily, I’d be sorely tempted to sign up.

Survey says … SPAAAAM!

Wow! Ninety dollars, and all I have to do is execute a script on your web page? Awesome! Dear Customer, You’ve been selected to take part in our quick and…

Wow! Ninety dollars, and all I have to do is execute a script on your web page? Awesome!

Dear Customer,
You’ve been selected to take part in our quick and easy 9 questions survey
In return we will credit $90.00 to your account – Just for your time!
Please spare two minutes of your time and take part in our online survey
so we can improve our services.
Don’t miss this chance to change something.

Aside from dearth of logo and a few awkward bits in grammar, this is done pretty well. Some folks might get confused.

To access the form please copy/paste the link below in your browser (or click the link):
http://www.[redacted].co.kr:8080/CUNA/online.survey/survey.php

So … why are you having me link to a Korean web site — and run a survey script link? To be fair, most phishing sites will have an HTML link so you don’t see the home site unless you hover over it. But that just means these guys are incompetent, not honest.

The Credit Union National Association (CUNA) is the premier national trade association serving credit unions. Ninety percent of America’s credit unions are affiliated with CUNA.
© Copyright © 2008 – Credit Union National Association, Inc.

Notice that they don’t say (even with two copyright symbols) that they actually are the CUNA. Not that I’d believe them if they did.

Note:
* If you received this message in your SPAM/BULK folder, that is because of the restrictions implemented by your ISP
* For security reasons, we will record your ip address, the date and time.
* Deliberate wrong imputs are criminally pursued and indicted.

I’m amused at all the security notices at the bottom of this.

Survey ID :
[Long string of letters redacted]

Wow, that sure looks official, all right! Sign me up!

Government Notice!

Well, if it’s from the government of Nigeria, not some unknown widow, charity, or lawyer, it must be true! OFFICE OF THE SENATE HOUSE FEDERAL REPUBLIC OF NIGERIA COMMITTEE…

Well, if it’s from the government of Nigeria, not some unknown widow, charity, or lawyer, it must be true!

OFFICE OF THE SENATE HOUSE
FEDERAL REPUBLIC OF NIGERIA
COMMITTEE ON FOREIGN PAYMENT
(RESOLUTIONPANEL ON CONTRACT PAYMENT)
IKOYI-LAGOS NIGERIA
Our Ref: [redacted]
Your Ref [redacted].
BENEFICARY, THIS IS TO OFFICIALLY INFORM YOU THAT WE HAVE VERIFIED YOUR CONTRACT/INHERITANCE FILE AND FOUND OUT THAT WHY YOU HAVE NOT RECEIVED YOUR PAYMENT IS BECAUSE YOU HAVE NOT FULFILLED THE OBLIGATIONS GIVEN TO YOU IN RESPECT OF YOUR CONTRACT/INHERITANCE PAYMENT.
SECONDLY WE HAVE BEEN INFORMED THAT YOU ARE STILL DEALING WITH THE NONE OFFICIALS IN THE BANK YOUR ENTIRE ATTEMPT TO SECURE THE RELEASE OF THE FUND TO YOU. WE WISH TO ADVISE YOU THAT SUCH AN ILLEGAL ACT LIKE THESE HAVE TO STOP IF YOU WISH TO RECEIVE YOUR PAYMENT SINCE WE HAVE DECIDED TO BRING A SOLUTION TO YOUR PROBLEM. RIGHT NOW WE HAVE ARRANGED YOUR PAYMENT THROUGH OUR SWIFT CARD PAYMENT CENTER ASIA PACIFIC THAT IS THE LATEST INSTRUCTION FROM MR. PRESIDENT, UMARU MUSA YAR’ADUA (GCFR) FEDERAL REPUBLIC OF NIGERIA. AND FBI.THIS CARD CENTER WILL SEND YOU AN ATM VISA CARD WHICH YOU WILL USE TO WITHDRAW YOUR MONEY IN ANY ATM MACHINE IN ANY PART OF THE WORLD, BUT THE MAXIMUM IS TWENTY FIVE THOUSAND DOLLARS PER DAY, SO IF YOU LIKE TO RECEIVE YOUR FUND THIS WAY PLEASE LET US KNOW BY CONTACTING THE CARD PAYMENT CENTER Mary william ON HIS EMAIL ADDRESS: [redacted] Direct Tel: [redacted]:
AND ALSO SEND THE FOLLOWING INFORMATION:
1. YOUR FULL NAME
2. PHONE AND FAX NUMBER
3. ADDRESS WERE YOU WANT THEM TO SEND THE ATM VISA CARD
4. YOUR AGE , CURRENT OCCUPATION AND POSITION THE ATM VISA CARD PAYMENT CENTER HAS BEEN MANDATED TO ISSUE OUT USD4.2MILLION AS PART PAYMENT FOR THIS FISCAL YEAR 2008. ALSO FOR YOUR INFORMATION, YOU HAVE TO STOP ANY FURTHER COMMUNICATION WITH ANY OTHER PERSON(S) OR OFFICE(S) TO AVOID ANY HITCHES IN RECEIVING YOUR PAYMENT. FOR ORAL DISCUSSION, EMAIL ME BACK AS SOON AS YOU RECEIVE THIS IMPORTANT MESSAGE FOR FURTHER DIRECTION AND ALSO UPDATE ME ON ANY DEVELOPMENT FROM THE ABOVE-MENTIONED OFFICE.
NOTE THAT BECAUSE OF IMPOSTORS, WE HEREBY ISSUED YOU OUR CODE OF CONDUCT, WHICH IS (ATM VISA CARD-[redacted 3-digit code]) SO YOU HAVE TO INDICATE THIS CODE WHEN CONTACTING THE CARD CENTER BY USING IT AS YOUR SUBJECT. Best Regards
David Mark
SENATE PRESIDENT

My only confusion is why it’s signed by David Mark, but the Rocketmail account it comes from has a different name. It is a puzzlement.

Inquiring minds want to know!

I have to admire this particular bit of spam for its ingenuity in getting folks to open it, then read it: Subject: Nadal disqualified from Wimbledon win Body: Hillary…

I have to admire this particular bit of spam for its ingenuity in getting folks to open it, then read it:

Subject: Nadal disqualified from Wimbledon win
Body: Hillary Clinton announces divorce from Bill Clinton, citing irreconcilable differences

Followed by a link that no doubt does Terrible Things if you click on it.

Now, aside from the gaffe that the subject line doesn’t go with the body text, this is downright ingenious. Folks have gotten suspicious of offers of free money and pharmaceutical improvements to their organs, but offer up some juicy sports news and/or political gossip, and people are so there.

It’s evil, in an almost admirable way.

They don’t teach this stuff in IT school

If your engineering company is involved in the building of mine works at a central Colorado molybdenum site, you will probably, sooner or later, get a request from a rather…

If your engineering company is involved in the building of mine works at a central Colorado molybdenum site, you will probably, sooner or later, get a request from a rather sheepish engineering manager that you update the company spam filter to white-list the terms “erection” and “Climax.”

Movable Type: static publishing with dynamic CGI script names

Well, that little digression turned into a big time sink. A few weeks back I converted my WIST quotations site into a static published site, rather than dynamic. That took…

Well, that little digression turned into a big time sink.

A few weeks back I converted my WIST quotations site into a static published site, rather than dynamic. That took a chunk of disk space, but the performance for calling up individual pages (and having them index) should save time.

So, today it I was in the mt-config.cgi file (to turn off the autosave function), when I realized it had been three weeks since I renamed my comment and trackback scripts. I’ve found that’s a moderately helpful way of foiling certain spammers.

I was about to do that, when it suddenly occurred to me that, unlike before, not all of my individual entry pages in my various blogs were still dynamic. WIST’s pages are static (actual HTML files generated at creation, vs. dynamic pages generated from the database on the fly). If I changed the names of the comment and trackback CGI files in the configuration, I would have to rebuild all my pages. Which, last time I did it, was a multi-hour task (that may have been in part because it was the first time I’d done it; I haven’t timed it again lately).

Ugh.

So instead, I needed a way for the script names to be dynamic when a given page is called, but the rest of the page to be static the rest of the time. Here’s what I did.

1. Create two new index templates, one for each script name.

I figured I could use Server Side Includes (SSI) as the dynamic source of the CGI script names. You can create SSIs from MT without too much trouble (as the output file associated with a template), but to have them “built” with the value they need, so they need to be done as Index Templates (vs Template Modules), flagged to rebuild with each rebuild.

So I created a “dynamic comment script” index module that creates dynamic_comment_script.inc, and has as a single line:

<$MTCommentScript$>

That tag will return the of the comment script. Then I did the same trackbacks.(“<$MTTrackbackScript$>” etc.)

So now whenever a rebuild happens, those two .inc files will have the name of the script (e.g., “xyztrackback.cgi”) in them. And when I change the name of the two scripts in my mt-config.cgi file, instead of rebuilding all the individual entries in WIST, I just have to do an index rebuild (which takes just a minute). And if I forget, it will still update the next time I add a new entry.

Note that SSI is not available on all hosts. It is on mine, though.

2. Change the comment form.

Now to change the reference to the comment script. In the comment code, there’s a form call that starts something like:

<form method=”post” action=”<$MTCGIPath$><$MTCommentScript$>”

That’s the part that needs to be fixed. And, fortunately, it’s simple.

<form method=”post” action=”<$MTCGIPath$><!–#include virtual=”/dynamic_comment_script.inc”–>”

That’s an SSI call there at the end. It’s calling the contents of that .inc file I created in step 1, literally sucking it in at the time the page is loaded. Thus, the page is static (on file), but that particular piece gets pulled in dynamically. And recall that .inc file contains the name of the comment script, as most recently generated (even if that’s after when the entry’s static file was generated).

3. Change the Trackback text.

I still have the default trackback address text at the bottom of the individual archive page, in case someone’s doing a manual ping that isn’t doing an auto-discover on the file. That line usually looks like:

TrackBack URL for this entry: <$MTEntryTrackbackLink$>

Instead, I do the same trick as above:

TrackBack URL for this entry: <$MTCGIPath$><!–#include virtual=”/dynamic_trackback_script.inc”–>/<$MTEntryTrackbackID$>

MT has all sorts of tags for this sort of stuff, so it was easy enough to (by looking at what was actually generated) find the surrounding pieces and substitute in the SSI of the TB script in the middle.

4. Change the Trackback autodiscovery code.

A lot of blogging software can autodiscover trackback addresses for a file through special RDF tags embedded in it. So MT has a simple tag to generate the RDF tags:

<$MTEntryTrackbackData$>

That actually creates a 14-line set of tags and info for the trackback discovery process. Unfortunately, part of that info is the location of the trackback script (so that the autodiscovering system can generate a trackback entry).

Fortunately, though long, the format of those tags is pretty straightforward and the content is reproducable. So in my Individual Archive template, in lieu of the one line above, I now have:

<rdf:RDF xmlns:rdf=”http://www.w3.org/1999/02/22-rdf-syntax-ns#”
        xmlns:trackback=”http://madskills.com/public/xml/rss/module/trackback/”
        xmlns:dc=”http://purl.org/dc/elements/1.1/”>
<rdf:Description
   rdf:about=”<$MTEntryLink$>”
   trackback:ping=”<$MTCGIPath$><!–#include virtual=”/dynamic_trackback_script.inc”–>/<$MTEntryTrackbackID$>”
   dc:title=”<$MTEntryTitle$>”
   dc:identifier=”<$MTEntryLink$>”
   dc:subject=”<$MTEntryCategory$>”
   dc:description=”<$MTEntryExcerpt$>”
   dc:creator=”<$MTEntryAuthor$>”
   dc:date=”<$MTEntryDate format=”%Y-%m-%dT%H:%M:%S-07:00″ />
</rdf:RDF>

All the stuff in the first block is literal info as generated currently by MT. The next stuff is all use of MT tags — including, note, the SSI to get the current trackback script info into place.

The only thing I didn’t bother to look up or figure out how to do is on the last line. The “-07:00” is the GMT time zone offset, in this case Mountain Time. I don’t know if MT has a tag to do it, and I really didn’t feel the need to look it up (since I don’t plan to permanently move out of my time zone any time soon).

5. Kick back and relax.

And that’s it. With those steps, I now can change my comment and trackback script names, do a simple index rebuild on WIST (or even — given that the trackback and comment traffic isn’t all that heavy — let it rebuild itself when I add more quotes each weekday), and the changed CGI script will be present in all of my entries without having to do a full rebuild.

Of course, you might say, I could simplify things by eliminating trackbacks — but I’m stubborn about this, as I think the TB concept is delightful, and use it a lot for internal cross-references if nothing else. I hate to let the spammers “win” on that one. Ditto for comments — the WIST site would not lose a lot by losing comments — but I’d be irked and saddened. So, to me, it’s worth the effort to have done this.

And to have shared the wealth with anyone else who’s looking for something similar.

Po-po-po … po-potpourri …

A guide to the French. Inauthentic Medieval Food. Freakonomics book covers from around the world. I’m amused by the subtle differences, and by the huge ones. Forty percent of…

A guide to the French.
Inauthentic Medieval Food.
Freakonomics book covers from around the world. I’m amused by the subtle differences, and by the huge ones.
Forty percent of spam comes from one source.
Modular Windows?
Dean Kamen’s amazing water machine. I saw this on Colbert. Hopefully this won’t be another Segway (as cool as the Segway remains).

You, too, may be a winner!

I am very amused that I just got a spam for winning some sort of “cyber-lotto” — ostensibly from a office in nearby Amsterdam. If the e-mail in the message…

I am very amused that I just got a spam for winning some sort of “cyber-lotto” — ostensibly from a office in nearby Amsterdam.

If the e-mail in the message matched the e-mail the message was sent from, I would be tempted to go look them up …

Anti-spam update

Comments are tending to remain spam-free (thank you, TinyTuring). A few occasionally are popping up as added by real (evil) people at keyboards; these tend to be fairly obvious on…

Comments are tending to remain spam-free (thank you, TinyTuring). A few occasionally are popping up as added by real (evil) people at keyboards; these tend to be fairly obvious on all my blogs, and get deleted as soon as they’re spotted. I’m hitting the Manage Comments section of my MT installation at least every few days, in case something comes up on one of my less-watched blogs (I don’t always see the Comments e-mails).

Trackbacks continue to be the biggest problem, but are largely managed. Basically, trackbacks on all blogs except this one and BD’s are moderated (the exceptions are because we both are more likely to spot stuff quickly), and both blogs have low thresholds for flagging stuff to be moderated (or junked) anyway.

By the same token, some very crafty trackbacks have been showing up lately that aren’t easily filtered — titles and excerpts from “real” text, and links to domains that look relatively innocuous. These have the greatest likelihood of slipping through, but I’ve been monitoring both my e-mail notifications and the MT trackbacks screen pretty closely, as well as noting IP ranges for those innocuous domains (and, quel surprise, they often are part of the same bloc, which then gets IP-banned).

It does remain intensely frustrating — like having a wall that invisible taggers keep spray painting — but I refuse to let the bastards grind me down.

Other tools used: AutoBan (which throws a temporary IP block into the .htaccess file any time something.gets flagged as junk, thus reducing processing burden — right now blocking 151 IP addies for the next 2 days), and the built-in SpamLookup (which includes IP blacklist lookups at bsb.spamlookup.net, sbl-xbl.spamhaus.org, and bl.spamcop.net and domain blacklist lookups at bsb.spamlookup.net, sc.surbl.org, and multi.uribl.com).

Um … no …

Sometimes these guys don’t even seem to be trying very hard: From: Internal Revenue Service Subject: Tax Notification Internal Revenue Service (IRS) United States Department of the Treasury After the…

Sometimes these guys don’t even seem to be trying very hard:

From: Internal Revenue Service
Subject: Tax Notification
Internal Revenue Service (IRS)
United States Department of the Treasury
After the last annual calculations of your fiscal
activity we have determined that you are eligible
to receive a tax refund of $184.80.
Please submit the tax refund request and allow us
6-9 days in order to process it.
A refund can be delayed for a variety of reasons.
For example submitting invalid records or applying
after the deadline.
To access the form for your tax refund, use the following personalized link:
http://[gobbledygook redacted]/www.irs.gov/
Regards,
Internal Revenue Service

Document Reference: ([more gobbledygook])

Riiiiight. I’ll just click right through, accept any downloads, tell you my SSN and bank account number (so you can “deposit my refund”), and then wonder what happened to my bank balance and why does my computer keep crashing …

If the above doesn’t look suspicious to you, you probably shouldn’t be on the Internet.

Category: Computer Security