OK, I appreciate that eBay has a dedicated email address for reporting phishing attempts. I appreciate that their abuse department is a lot busier than I am, and therefore has to rely heavily on form letters. And I appreciate that they’re making an effort to educate the public on how to spot phishing and avoid getting caught.

But when I forward them a message with the comment, “Here’s a sample of a blatant phish,” is it really necessary to reply with the full two-page notice explaining, “This is a spoof, we didn’t send it, here’s how to avoid it, blah blah blah” and the entire body of the original message, complete with the links to the phishing site?

I’d think in this case a simple, “Thanks for the report, we’ve notified the authorities” note would be sufficient, especially since the “how to spot a phish” stuff is already in the auto-response. All it takes is giving their abuse staff an extra choice for the form letter.

And under no circumstances should they be including the full, original text of the phish. At best, it’s asking for the response to get lost in a spam box or blocked outright. At worst, it’s a security risk waiting to happen (since this copy really did come from eBay). Somewhere in the middle is the risk of mucking up adaptive filters as they try to reconcile the original message, which was spam, with the new message, which isn’t.

It’s really annoying that the writers and editors on The Flash didn’t see fit to actually tell us the names of Wally and Linda’s children during the final 6 issues of the series. All we know is that one is a boy and the other is a girl.

Even more annoying is the fan speculation that the twins will turn out to be one of two existing pairs of characters:

  1. The Tornado Twins, who first appeared in Legion of Super-Heroes, or
  2. Más y Menos, a pair of speedster twins from the Teen Titans cartoon.


Here’s a piece of friendly advice from a mail server admin to companies that interact with subscribers and customers via email:

Pick one domain name for your business. Just one. Don’t use any other domains in your emails, even if you want to keep order confirmations separate from promotions. If you contract out for some other company to send out a newsletter or survey to your customers, insist that they send it out using your own domain name. If you’re using DomainKeys or SPF, make sure they’re authorized or send it yourself. And don’t even think of making the links through redirection scripts, even if you really want to track which subscribers are clicking.

Why?

Two words: Spam and fraud.
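As an added example that is not part of the original post: a minimal SPF evaluator in Python showing why a contracted sender must be listed in (or included by) your own domain's record. The domain names, IP ranges and records are constructed placeholders; a real implementation would resolve the TXT records via DNS and support the remaining mechanisms.

```python
import ipaddress

# Constructed SPF records (placeholders, not real DNS data). example.com
# authorizes its own mail host, a small range, and a contracted newsletter
# vendor via include:. strict.example forgot to authorize the vendor.
SPF_RECORDS = {
    "example.com": "v=spf1 ip4:192.0.2.10 ip4:192.0.2.0/28 "
                   "include:newsletter-vendor.example -all",
    "newsletter-vendor.example": "v=spf1 ip4:198.51.100.0/24 -all",
    "strict.example": "v=spf1 ip4:192.0.2.10 -all",
}

RESULTS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_spf(domain, sender_ip, depth=0):
    """Evaluate sender_ip against domain's SPF record.

    Simplified evaluator: supports ip4, ip6, include and all with the four
    qualifiers; a, mx, ptr, exists and redirect are skipped. Returns one of
    'pass', 'fail', 'softfail', 'neutral' or 'none' (no usable record).
    """
    record = SPF_RECORDS.get(domain)
    if record is None or not record.startswith("v=spf1") or depth > 10:
        return "none"
    ip = ipaddress.ip_address(sender_ip)
    for term in record.split()[1:]:
        qualifier = "+"
        if term[0] in RESULTS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.lower().partition(":")
        if name in ("ip4", "ip6"):
            # ip_network handles bare hosts (/32, /128) and CIDR ranges; a
            # version mismatch simply does not match.
            hit = ip in ipaddress.ip_network(arg, strict=False)
        elif name == "include":
            # include: matches only when the included domain's record passes
            hit = check_spf(arg, sender_ip, depth + 1) == "pass"
        elif name == "all":
            hit = True
        else:
            continue
        if hit:
            return RESULTS[qualifier]
    return "neutral"  # no mechanism matched and no trailing 'all'


if __name__ == "__main__":
    vendor_ip = "198.51.100.77"
    print(check_spf("example.com", vendor_ip))    # pass: vendor is included
    print(check_spf("strict.example", vendor_ip))  # fail: vendor not authorized
```

The second call is the situation the advice above warns about: mail that genuinely comes from your vendor is indistinguishable, to a receiver checking SPF, from a forgery.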

The SANS Internet Storm Center remarks on the challenges of fixing Java vulnerabilities, since Sun’s installer only checks once a month by default—based on when you installed it, not on a standard schedule.

Well, it’s worse than that. My Windows 2000 box at work was easy. I just went into Control Panel, opened the Java Plugin, and told it to update. At home, on our Windows XP box, I had to go through multiple reboots just to get the installer started.

It wasn’t XP that was the problem, though: It was Norton Internet Security. First it disabled all network access from Firefox when I installed the new version. Then it blocked access to the Java updater, so whenever I clicked on “Install” it would just disappear instead of launching the installer. I resolved it (for now) by disabling Norton while I did the install…but I had to reboot in order to get as far as the first step again.

Worms of the future: someone on MySpace *ptui!* came up with an actual JavaScript worm using cross-site scripting exploits and XMLHttpRequest. In 24 hours, the worm had forced 1 million users to add him to their friends lists.

Personally, MySpace bugs the heck out of me because it seems to have a culture that encourages embedding images from other sites. 18% of hits to hyperborea.org from other websites are from myspace. Admittedly that’s inflated by the fact that attempts to embed images from my Flash site redirect to the actual articles, so it’s probably more like 10%, but it’s still insane. Earlier this week I started blocking hits from MySpace to images posted on this blog, and I plan to do the same with the Flash images over the weekend. You like my photos? Great, link to my actual site! You like the scan I have of some movie logo? Great, copy it and upload it to your own site!

(via Slashdot)