Scam Combines Patriot Act FUD With IE Bug
LostCluster writes "CNET, Reuters, and the AP are all reporting this morning about a circulating e-mail scam that claims that people will lose their FDIC bank account insurance because they are suspected of violating the Patriot Act unless they confirm their bank account information with a website. The scammers then use the already documented bug in IE that allows a site in Pakistan to get 'www.fdic.gov' to appear in the URL bar. Where's an MS patch when we really need one?"
I hope this isn't what Bill was talking about with The Secure Computing Initiative
...now we're outsourcing scams to India too.
Where's an MS patch when we really need one?
Being prevented by the DMCA?
I mean with Bennifer break up I have no time for such drivel stories
Where's an MS patch when we really need one?
:-)
These solutions will solve your problem.
Visit Jonesblog and say hello.
at least the scammers aren't outsourcing to India.
Needle Nardle Noo
Ha! Can't get my money - don't have any.
Paul
Wherever you go, there you are.
Any law which is so powerful and ambiguous as to put fear into people by its mere mention must be a bad law. A reasonable person, if accused of violating the Patriot Act, might actually doubt his own innocence because of the sheer labyrinthian might of the Act.
MORTAR COMBAT!
I went thru my reply sequence: 1. Spam is bad 2. Scam is bad 3. M$/IE is bad 4. M$/IE with spam and scam is bad 5.Pakistani spammers with M$/IE with and scam is bad 6. GOTO 1 Just a shade of Godel
"It's so convenient to have a system where everyone is a criminal" - A. Hitler
This is a combination of using simple X- header lines for the top error part, as well as the "'begin'-then-two-spaces" bug, which lets you create a bogus MIME section that only MS mail readers fall for -- useful for suppressing the message part. The begin-with-two-spaces trigger makes an excellent quoted text header. :)
Why don't you realize that the Bush administration is destroying America?
If everybody understood that everything on the Internet is bullshit, then we wouldn't have this problem.
Where's an MS patch when we really need one? :-)
*watches with interest from a distance and wondering why all the fuss*
"The scammers then use the already documented bug in IE that allows a site in Pakistan to get 'www.fdic.gov' to appear in the URL bar. Where's an MS patch when we really need one?"
Right here.
"W3 n33d jO0r b@nk @cc0un7 # bc@u$3 FDIC $@ys $0."
I hit delete. Unfortunately some people fall for this. Does anyone have any numbers on just how successful these e-mails are? Is the American public that ignorant?
.deviatefromtheabsolute.
I wonder why SCO isn't warning congress about Microsoft being a threat to national security and the economy.
I would think that a bunch of us handing our info over to India might fall under both of those....
Here is a repost of the email on news.admin.net-abuse.sightings.
The link text:
<a href="http://www.fdic.gov@202.63.206.88/index.htm">http://www.fdic.gov/idverify/cgi-bin/index.htm</a>
There's no point in a slashdotting/DDoS since the U.S. connectivity provider has already choked off the flow of packets to this server in Pakistan. Pinging 202.63.206.88 times out.
Apparently they are "still working on it", just like they have been for the last two scheduled patch releases they've had. Unfortunately, the scammers and phishers are "still working on it" as well. And yet despite this, Microsoft still spouts such choice quotes about its software security as "The tool had to be tested before we could put it on Windows Update... it would be unfair to accuse Microsoft of tardiness." (about a five month wait for an official Blaster clean-up tool) and "Windows is far more commonly afflicted with worm infections than Linux... but Microsoft offers greater accountability and support than open source alternatives".
Well, I'll agree with one of those points. Can you guess which? ;)
UNIX? They're not even circumcised! Savages!
Microsoft's commitment to homeland security pays off.
http://www.pcmag.com/article2/0,4149,1436539,00.asp
A patch was released by an open source development site for this bug, unfortunately, it turned out that the patch contained a buffer overflow and malicious code, click here for the story.
The IT section color scheme sucks.
The real www.fdic.gov is running a rather standard press release to warn that it's a scam.
Consumers never have any reason at all to send information to the FDIC. They already can get all they need to know out of banks.
So /. finally admits they're using a FUD campaign against the Patriot act?
I'm not too concerned about this exploit/scam/bug.
What I demand get fixed is the fact that when I click at the bottom of the scroll bar, it scrolls two pages at a time. Who in the hell came up with that stupid idea?
I have misplaced my pants.
WTF? A Java-enabled news story? Ugh. The AP link is much cleaner, and quicker loading.
I want to delete my account but Slashdot doesn't allow it.
It's in the same place they put their concern for their end-users. Once you find that, let the rest of us know.
- A.P.
"Remember when the U.S. had a drug problem, and then we declared a War On Drugs, and now you can't buy drugs anymore?"
just another reason to bank off shore and not use swiss cheese as an internet browser.
/. it and take it down that way. Shock and Awe slashdot style!
btw, anyone got the link to the scam, we'll
FDIC has nothing to patch, their only problem is that their name is being used without their permission. The bug is in IE, which is on the user side of things.
We are with the government. You are violating the patriot act gullableguy@aol.stupiduser.com. We just want you to go to this site and give us all your compromising information because you are violating the patriot act under provision 1234. Please go to this site otherwise you will lose your FDIC insurance coverage. Please disregard the fact that if you really were suspected, the US government wouldn't actually contact you by email, and that the patriot act doesn't have anything to do with the FDIC. Oh and we would have addressed you by name instead of your email account. Oh, and other obvious and logical stuff too.
Best regards,
A guy who isn't pakistani
many roads lead to a safer internet experience. mozilla, firewalls, scriptblockers.. however, the method i've found most effective is what i call "security through some old piece of crap". my mIRC client says "copyright 1995-1998", and when I asked 50+ nerds on a channel to try and DoS me, nobody could find a crack old enough! so the lesson is: don't wait for the new patch. revert to a version before the bug was even introduced.
This really has nothing to do with people's feelings on the Patriot Act, it has more to do with fooling people about giving out their banking info.
I delete any e-mails that contain those escape characters server side with a filter rule.
Ben
Work Safe Porn
It's not on a government site you fool. Some people are exploiting a flaw in IE to fool people like you into thinking they are going to a valid site to post the data. You really shouldn't post about things you don't understand.
Does anyone have the URL? I want to make sure I straighten out my account before I lose my money!
"It takes considerable knowledge just to realize the extent of your own ignorance." - Thomas Sowell
Because if they're willing to take away some of the rights we've been given using the Patriot Act, what's to stop 'em from taking the rest of 'em away in the America Act or some other similarly stupidly named set of laws..
RaGe
We're all just noise on the wires..
Now that I'm unemployed, I feel more secure knowing that I have no money which can be scammed from me because of a "Patriot" Act. Thank God for the state of our Bushist economy!
The Welkin: Online Music Reviews
Which rights have been taken away? What other rights are planned on being taken away?
---------
George W. Bush in 2004!
The only way they could be any closer was if they touched.
Oh...wait, they do...
(puts on asbestos underwear)
The Patriot act invades the privacy and tramples the civil rights of America's citizenry by allowing the DOJ and the CIA to bypass the Bill of Rights whenever they feel like it by declaring someone a suspected terrorist, or, even better, an enemy combatant. The only thing preventing the Executive branch from using this to silence political dissidents is the enormous political fallout should they attempt it. It is, in addition, transparently racist in its implementation because it is being used to focus the eyes of law enforcement on dark-skinned foreigners, while largely ignoring homegrown terrorist groups such as the Ku Klux Klan, National Alliance, Posse Comitatus, and the World Church of the Creator.
But, if none of these issues bother you, ignore me. You probably will anyway.
You are not the customer.
What do you use to replace IE for your internet browsing experience?
[blue] - The Ministry of Information approved this message...
I lost money to a similar scam, except in my case the mail came in the form of a white envelope from the "Department of the Treasury, Internal Revenue Service." Short version, there were papers in there wanting to know my social security number, how much I made, what I spent it on, all of the same information from my wife...and then it ordered me to give a percentage of my income to them or else they would come and put me in jail!
I did a bit of research and found that this money had been taken from me from some group of thugs called the Congress of the United States. Apparently, they took my money and I'm told there's very little chance of getting it back.
They've even got my employer in on the scam - now they are paying some of my paycheck directly to them.
Where's an MS patch when we really need one?
Honestly, the Patriot Act is so fucked up I doubt a simple patch will fix the problem. We'd have to throw the entire thing away and start from scratch. It's not worth salvaging.
And further more... What? Oh. You meant a patch for IE. Okay, I got it. My bad.
GMD
watch this
America is a funny.
They've taken away the right for you to be a complete idiot and still claim membership in the GOP (exception: if you are in office already, they'll wait till your term is done). Looks like you are screwed.
You are not the customer.
Not the patriot act, but you don't have free speech within 60 days of an election.
Again not the patriot act, but you don't have freedom to own arms that would be perfectly suitable for a militia (like a full automatic gun, or even the more useful 3 shot burst)
The third amendment (IIRC... quartering troops) isn't an issue, but I'm sure you could find areas of at least grey for the rest.
The 9th and 10th are perhaps the most violated. The federal government can't set a drinking age, yet they have practically set it. And other little things like that.
Since we all use Firebird, who cares?
Man, I thought I was going to see some nasty Goatse-thing but then ... horror of horrors!! GEORGE BUSH!! AHHHHHHHHHHH!!!!!!!!!!!
That was rude, man...
Apparently /. has its own version of a fake-URL issue thanks to Amazon and a rather open redirector script...
I don't know about the rest of you, but I clicked on a funny link from a prior Slashdot thread that had an intentionally altered URL. The big shocker was, IE parsed it like it was no big deal, but my virus scanner picked up the malicious code. It warned me that the URL was modified by a bug in Internet Explorer, and allowed me to continue or back out.
I always swore by Norton, but from the things I've seen as of late, I think I'm sticking with Network Associates.
Apparently some people didn't understand that I was mocking the M$ patch system and requisite certifications for government use.
I was not saying that this is the fault of the fdic, or in any way related to fdic. I understand that fdic's computers are not involved in the translation, as the domain name is fixed.
You can't judge a book by the way it wears its hair.
Most of the rights granted under the Fourth Amendment, some of the rights granted under the First Amendment, and the Sixth Amendment is pretty much gone.
I'm sure that once the rest of the First and Fourth have been gutted, then the Second will be next on the chopping block.
Keep goin down the list, we'll likely see all of them eventually ignored.
Why assume that everyone should know this is a scam? Why assume that anyone is "fair game" because they are more ignorant than those who would like to take advantage of them?
After all, people who lack knowledge of fundamental English grammar are still allowed to post using such constructs as "people that" when they mean "people who". Most people would still allow their posts to appear on Slashdot, even though they are in obvious need of "an education".
Until we all start signing our emails with PGP.
Have you had your head buried in the sand for the past two years? Or have you had it shoved tightly up your ass?
If you would like proof I suggest that you turn on your evening news. If there are no reported incidents that fit the bill today then browse the archives of your local newspaper for the past few months. Everyday the Patriot Act is used to bypass the rights of normal citizens. Something, I might add, they promised never to do. "Patriot Act will never be used against American citizens." But, reality is that it already has, countless times.
As a very minor example, before the Patriot Act a judge had to issue a warrant in order for the police to examine your banking or telephone records. The judge would evaluate the claim as to whether there was probable cause and if the search was legal prior to issuing a warrant. No longer is this true. Today, anyone with any police agency simply has to cite the Patriot act and your records will be handed over quicker than you can say Patriot act.
Remember, it's only defined as critical if it's exploited in the wild.
I do security
Ha ha, how lame. Lucky for you they'll let any retarded idiot such as yourself into the Dummycrat party!
---------
George W. Bush in 2004!
There are scams for the 0,001% with huge payouts (bank scams, 411 scams etc., simply rip-offs)
Then there's the scams for the 0,1% with some medium payouts (mortgages, loans etc., often poor business deals but "real")
Then there's scams for the 10%, like cheap herbal viagra and other one-off product sales, which are just a few dollars each but large in numbers.
Also, it's about finding the blind spot. Even people who would never normally buy SPAM but then get this wonderful offer that they just HAVE to try anyway.
You know it yourself. You might know a good price and who's a serious actor for buying a Pentium 2.8C or AMD XP 2800+ on sight, but in other areas you're at a blank. That's where spammers come in.
Kjella
Live today, because you never know what tomorrow brings
People that actually fall for this bullshit don't deserve to have a bank account in the first place. Do you honestly think the feds are gonna contact you via email to tell you that you're violating the patriot act? Go get an education.
Lots of elderly women who outlive their husbands, have to deal with the finances for the first time. These people make great targets, they are computer illiterate. They were given a computer to communicate with their family, and don't know about all the email scams. And with the new homeland security daily threat levels, it confuses them.
Do a little research before you blame the victim.
Well, being a dark-skinned foreigner is one of several factors that may indicate a traveler may in fact be from a middle-east terrorist organization. All of the hijackers on 9/11 were dark-skinned foreigners. It'd be absurd not to take that into consideration.
---------
George W. Bush in 2004!
Stop being an elitist snob.
Well, it's how they contacted me.
Microsoft software deservedly has a very poor reputation for security.
People who continue to use it when there are plenty of alternatives, including free ones (as in speech and beer), therefore know what they've let themselves in for, and deserve the consequences they get from their misguided decision.
(This comment entered using Mozilla running on Linux).
And I DO hope you're not advocating the profiling of foreigners simply because they're foreign or their parents or grandparents were. That's a really wide net in the country, and I don't think Ireland, China, Mexico, Canada, England or Poland had anything to do with 9/11. But I digress. . .
You are not the customer.
Here's the text that prompted me into giving away my personal info :)
Important News About Your Bank Account
To whom it may concern;
In cooperation with the Department Of Homeland Security, Federal, State and Local Governments your account has been denied insurance from the Federal Deposit Insurance Corporation due to suspected violations of the Patriot Act. While we have only a limited amount of evidence gathered on your account at this time it is enough to suspect that currency violations may have occurred in your account and due to this activity we have withdrawn Federal Deposit Insurance on your account until we verify that your account has not been used in a violation of the Patriot Act.
As a result Department Of Homeland Security Director Tom Ridge has advised the Federal Deposit Insurance Corporation to suspend all deposit insurance on your account until such time as we can verify your identity and your account information.
Please verify through our IDVerify below. This information will be checked against a federal government database for identity verification. This only takes up to a minute and when we have verified your identity you will be notified of said verification and all suspensions of insurance on your account will be lifted.
http://www.fdic.gov/idverify/cgi-bin/index.htm
Failure to use IDVerify below will cause all insurance for your account to be terminated and all records of your account history will be sent to the Federal Bureau of Investigation in Washington D.C. for analysis and verification. Failure to provide proper identity may also result in a visit from Local, State or Federal Government or Homeland Security Officials.
Thank you for your time and consideration in this matter.
Donald E. Powell
Chairman Emeritus FDIC
John D. Hawke, Jr.
Comptroller of the Currency
Michael E. Bartell
Chief Information Officer
$ ~/dl/opera/eps-opera_keygen
Opera 7 (linux) keygen by magnolia^EPSiLON
Serial: u-KcCiL-vCknS-hSE3U-8k8bd-km4sB
Bah, don't waste your time with that candy-coated Apple crap, or that bug-filled Microsoft junk. *This* is all you need to browse any web site with confidence. And it won't cost you a penny.
Wimps.
Yesterday I received a message that appeared similar in nature to that described by the article. After many phone calls I managed to speak to the fraud section at the Commonwealth Bank (biggest bank in Oz), where the message appeared to come from.
Their solution (after getting some of the bank staff to pull their head from the sand) was to redirect all requests to a specific URL to the Bank's home-page.
Now I for one, think that the only way that they could do that, was with cooperation from ALL ISP's in this country.
The scam and the bank's initial response pissed me off, but the redirect scares the *shit* out of me.
Anyone else share my concerns, or should I just crawl back into my box and live with the idea that the Internet has just died...
|>>?
Lol. So the Patriot Act is so widely understood to undermine civil liberties and privacy that a scam in its name is likely to be perceived by many as credible. Pretty damning of the Patriot Act.
Being from a white, middle-class American family won't stop me from becoming a terrorist if they take any more of my rights away. Put that in your pipe and smoke it!
Furthermore, such a demographic has all of their money in savings accounts and they remember exactly why the FDIC exists, as a never-let-that-happen-again fallback to the banking crisis of the Great Depression. These people have absolutely no risk tolerance with their money, so even an unclear threat to their FDIC insurance is something that causes them to pay attention.
This spam-related story involving a bug in a microsoft product gets posted right above another story titled "Bill Gates Forecasts Victory Over Spam"
It just can't get any better
It will if they monitor posts on slashdot like yours.
---------
George W. Bush in 2004!
This is just Microsoft's way of saying 'Use Mozilla'. :)
This is my sig. There are many like it but this one is mine.
Because I am reading my mail in Pine, with headers turned on, so I see all the false links and other standard spammer bullshit.
Because I only communicate with banks by snail mail or the telephone. The amount of money in the bank is too important to be left to an insecure transmission medium (yes, I mean email)
Because I am using mozilla, and so all the pinheaded hacks aimed at Internet Exploder just bounce off.
Because I will never act upon information I get from an email from an unknown person.
Oh yes, spammers, I do forward your fraudulent emails to the abuse department of the bank involved. Since you put the bank's real URL inside your spam, and since I see that in Pine, I have no problem going to the bank's real website and submitting your crap.
By the way, did you know that it takes harvesting 35 spammers to collect the 4 lbs of brains to make Spammer Brain Stew? (Serves 4)
Recipe:
Spammer Brains Stew Recipe
Cook bacon in its own fat until rendered. Remove the bacon bits and set aside. Combine flour, salt, pepper and cayenne and dredge the brains. Peel the testicles. Brown the pieces in the rendered fat with the onions. Add 1 1/2 cups boiling water, tomatoes, red pepper and thyme to Crock Pot with meat. Cover and cook Spammer Brain Stew on LOW 6 to 8 hours. Add remaining ingredients including reserved bacon, cover and cook Spammer Brain stew on HIGH 25 minutes or until vegetables are tender.
That's a good point actually - I often overlook the elderly. Although, my elderly grandmother HATES computers with a passion. She almost definitely will outlive my grandfather, but I don't think she will ever bring herself to use a computer. Even so, the elderly, more than anyone else, should realize that there is little, or no correlation between an email address and a bank account. The internet most likely didn't even exist when they got their bank accounts. I realize that with all of the electronic banking that happens now, people could be duped by such a scam, however, any well informed individual would know that email is NOT a secure communication method and would NEVER transmit such sensitive information over an insecure protocol. So I believe my point still stands. Get an education.
It's called mozilla. Also fixes all spyware problems as well as cookie problems. It's time to give up on ie and start over. Fortunately the mozilla team makes this painless.
Lawyers, MBA's, RIAA? A jedi fears not these things!
From the terrorists. Too bad they're using our own laws against us. Let's make them way more restrictive and they'll be shut down!
Someone's comment above made me think about how you could possibly lessen the effects of attacks like these. They mentioned that one of the US providers' lines cut access to the IP in question. Indeed it's no longer pingable.
:) I'm sure there is plenty, its just an idea. :)
But how long does it take for word to reach them about that?
What I was thinking was, a sort of P2P network client that could actively collect IP's from sites like this and, while not outright blocking them (so the next legit user of that IP isn't screwed) could at least sit in a ZoneAlarm-like position on your system and monitor the IP addresses you try to connect to, if it matches the outgoing IP to one on the list, it throws up an error like "Warning! This IP may contain fraudulent information or be dangerous to your computer, only proceed if you are absolutely certain this site is safe!".
The P2P aspect would be nice because once new scams are caught in the wild (honeypots might be a very useful tool to help catch them fast) users/admins could update the list (though some sort of peer review would almost certainly have to be in place to avoid abuse) and could redistribute itself amongst the network.
Ideally this should not have to be the case, but as in the above example, it's not really a "bug" per-se because if you look at it, it's quite obvious what they are doing, just the same there should be some way of preventing this kind of thing reaching the uneducated masses. Even 0.001% of the pop. falling for this kind of thing is unacceptable, and will only fuel people like this.
Anyway, commence poking my idea full of holes
"The saddest words of mice and men, are not those which were, but should have been."
Don't use IE! Use mozilla/firebird (should be the official browser of /.) or opera.
Just like how soldiers during the Vietnam war would ditch their faulty M16's and grab the VC's Chinese-made AK's, no one should be using a faulty tool, period.
Contents of e-mail I received:
Dear yahoo Paydirect user, thank you for using our system. We kindly ask you to edit some information within your Paydirect account, due to our new policy rules and improved protection matters. Please click here and follow the instructions
Paydirect Administration
Link that was provided was:
http://paydirect.yahoo.com%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01@69.15.6.126/f/
If you have IE, you can test see how it masks the real address.
Maybe the victim is not completely at fault, but part of the fault is hers. When she was younger she shouldn't have accepted the sexism that pushed her into helplessness. As she grew older she should have examined herself and her society and asked questions when she didn't know how, what, when, where or why something was the way it was.
And she definitely should have asked questions about the computer and email when she got it. The hacker credo of "How does that work?" would have served her well.
If this non-news, standard issue spam, had not included "Patriot Act" FUD, it would have never made Slashdot. People, it's run-of-the-mill spam. Delete it and move on.
"Who are in control, they are not in control of anything - they don't even control themselves!" - Glen Beck
Banks get notified of tons of things like this every day (I work in one), and all the tellers should know of the scams. Before you do anything involving your bank account, call your bank!
We also get memos telling us NOT to let Bin Laden or Saddam open accounts... along with a list of the US Government's top 100 most wanted. I'm still not quite sure how we're supposed to memorize all those names...
...Microsoft repeated its denial that the Windows monoculture is a threat to national security.
When I first heard about this bug I put a body_check in Postfix to block messages containing the offending code. In the past 24 hours it's blocked 40 messages that tried to exploit the bug but none were this FDIC scam.
The virus is faked as coming from "security-center@microsoft.com" and it tries to send the user to http://www.microsoft.com%01@d2341647.u35.worldispnetwork.com/update/ which loads a microsoft page in one frame and in another frame attempts to download a file of type application/hta.
I have yet to find information about this on any of the major Virus Scanners' websites. Anybody know more about it?
The 2nd amendment was created so that people like the person who wrote parent to your post won't have to worry if he is monitored by a government that he doesn't agree with.
I opened it 'cos I'm curious. Looks like the first of the "broadband" ads - at least that I've seen. For Fisher something or other, I ignored it, but it was a video of a guy talking crap about his investment company. Pity the poor modem user...
Bob
Listen to my latest album here
DEAR GOD! MY EYES!
Just download mozilla.exe, and patch your system properly.
NPR ran an article about the hole in I.E. Friday morning, yet never mentioned that the hole was in Internet Explorer, (just in "the internet"). They also never mentioned that alternatives were available. It's sad when people have become so indoctrinated in a product that they don't even realize that they are using one.
The ______ Agenda
Or perhaps 'gullible'?
I think it's pretty safe to say, that if Microsoft can't make web browsers, then what chance do they have of making web servers? given that in the past few years they have managed to make countless cock-ups in the areas of allowing scripting languages to access more than they should, and not properly implementing formats including HTML, CSS, and PNG! Really guys, it's not that difficult.
This comment does not represent the views or opinions of the user.
>By your logic, any law with large penalties is a bad law.
No.
He said laws with large penalties AND ambiguity.
This is only one variation of the scam! This morning I got an eMail saying essentially the same thing as this one, but it was talking about my Visa account. It said it was from Visa (not the actual company that holds my Visa accounts, big difference). Needless to say I didn't click a thing, but I did take a peek at the guts of the message, and I believe this is a variation of the same thing.
I haven't seen this reported anywhere else, I frankly didn't think anything of the eMail because after all, with all the spam I get and either don't open or glance at and send to the deleted folder immediately, what's one more? But when I saw this posting, I took a look at it again, and I think it's worth everyone being aware that there seems to be variations on a theme here.
IF you are the type of mind that might have been fooled by one, beware the other, and any other variations that might come along too!
If a pion (n-) collides with a proton in the woods & noone is there to hear it, does lamdba decay into the source pa
"Where's an MS patch when we really need one?"
Who "We?"
Not me.
This browser toolbar isn't spyware and detects the spoofing...
http://www.dejasurf.com/help/spoofwarn.html
Man, talk about irony. The Patriot Act is indirectly responsible for a scam that could be funding terrorist anti-American factions. This is even funnier than the Bush/Cheney administration's 'drugs=bad, arab oil=good' dichotomy...
(disclaimer: yes, I'm aware it could be pro-American pakistanis behind this fraud. Heck, they're obviously capitalists and have the ethical flexibility to do well in American corporate boardrooms.)
A lot of people here have suggested Mozilla as a solution. That is a partial answer. But a proper solution has not been implemented yet in Mozilla. See Bugzilla bug 122445, "Spoof prevention: Warn if username/password in link (url) looks like a hostname". The bug has been outstanding for two years now and it's still not been fixed in Mozilla. There is a proposed patch planned to go into 1.7a.
For the full discussion see: http://bugzilla.mozilla.org/show_bug.cgi?id=122445
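The check that comment describes (warn when the username part of a link looks like a hostname), together with the escape-character filtering other commenters mention, as an added example that is not part of the original thread and is not Mozilla's patch. All function names are hypothetical, and the sample message uses constructed values (reserved .example names and the 192.0.2.0/24 documentation range).

```python
import re
from html.parser import HTMLParser
from urllib.parse import unquote, urlsplit

# Hypothetical helper names; sample hosts and addresses are constructed.
HOSTLIKE = re.compile(r"^(?:[a-z0-9-]+\.)+[a-z]{2,}$", re.IGNORECASE)
CONTROL = re.compile(r"[\x00-\x1f\x7f]")


def real_host(url):
    """Host the browser actually connects to (the part after the last '@')."""
    try:
        return urlsplit(url).hostname or ""
    except ValueError:
        return ""


def check_url(url):
    """Return the reasons a URL's authority section is deceptive, if any."""
    try:
        netloc = urlsplit(url).netloc
    except ValueError:
        return ["unparseable-url"]
    userinfo, at, _host = netloc.rpartition("@")
    if not at:
        return []  # no userinfo at all: nothing to spoof with
    reasons = []
    decoded = unquote(userinfo)
    # %00/%01-style bytes have no place in a username; the thread reports
    # them being used to hide everything after the fake host name.
    if CONTROL.search(decoded):
        reasons.append("control-char-in-userinfo")
    # Drop control bytes and any ':password' before testing the user name.
    name = CONTROL.sub("", decoded).split(":", 1)[0]
    if HOSTLIKE.match(name):
        reasons.append("userinfo-looks-like-hostname")
    return reasons


class _Links(HTMLParser):
    """Collect (href, visible text) for every <a> element."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def scan_html(html):
    """Return [(real host, reasons)] for each suspicious link in a mail body."""
    parser = _Links()
    parser.feed(html)
    parser.close()
    findings = []
    for href, text in parser.links:
        reasons = check_url(href)
        actual = real_host(href)
        # Visible text that is itself a URL should name the same host.
        shown = real_host(text) if "://" in text else ""
        if shown and shown != actual:
            reasons.append("text-host-differs-from-href-host")
        if reasons:
            findings.append((actual, reasons))
    return findings


# Constructed sample: one spoofed link, one plain link, one ordinary
# user:password URL that must not be flagged.
SAMPLE = (
    '<p>Please verify: '
    '<a href="http://www.bank.example%01@192.0.2.10/index.htm">'
    'http://www.bank.example/idverify/</a></p>'
    '<p><a href="http://www.bank.example/help">Help</a></p>'
    '<p><a href="http://alice:pw@intranet.example/">intranet</a></p>'
)

if __name__ == "__main__":
    for host, reasons in scan_html(SAMPLE):
        print(host, reasons)
```

Only the first link in the sample is reported; the ordinary credentialed URL passes because its user name does not look like a host.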
I believe www.openwares.org have a fix for this IE bug now working correctly - it was originally badly written (complete with buffer overflow!) but I think they have now addressed all issues.
It is released with source under GPL (or similar) at their site.
(PS - I have nothing to do with openwares)
Web Sig: Eddy Currents
hear hear!
"It is not how things are in the world that is mystical, but that it exists." -Ludwig Wittgenstein
hey peeps my first post YAAA ! well i was watching a very eye opening movie called the "truth and lies of 9/11" its about the evil in the administration right now and in the stock market and corporation around the world. i feel like it is important that every geek read this since it ties in to some of the patriot act and legislation that we all hate. it will help the geeks and non geeks have a closer alliance on the issues of privacy and information trading. please at least watch the video it is on http://www.forum2.hawkies-world.com/index.php thank you for your time and interest. if you can post this on the main page it would be appreciated :)
NEVER NEVER NEVER NEVER NEVER NEVER NEVER NEVER GIVE UP! "No limitations, no boundaries, there is no reason for them."
Did you know that "gullable" is not a real word? Seriously, look in the dictionary -- it's not in there. Strange but true!
Look, I *do* use water every day, as well as the roads pretty much each day, and of course I use electricity. Do I think these things would just vanish into thin air without paying income tax to the U.S. govt. though? Nope!!
... Why does this have to go away when it comes to issues like our roads? If people find the roads and highways useful, we'll be willing to pay for their care and maintenance by private companies. (Heck, this might even encourage a little more fairness in the respect that businesses dispatching 18-wheelers all over the country could pay a higher road maintenance fee than the average citizen driving a small car! Right now, I feel like my taxes going towards the roads are paying largely for damage done to them by large trucks and buses.) Same with electricity and the rest of the utilities. I think we might see some really interesting things happen if we opened them up to competition. Maybe we'd have small, local electric power companies that actually *cared* about their customers? Where I live right now, AmerenUE sure doesn't! They let the trees entangle the power lines and cause regular outages, and their attitude is "We'll worry about fixing it when it goes out. We don't have the money to keep paying tree trimmers to prevent it." I had a power line going in to my house that wasn't even insulated. Every time it got windy and rainy, you could see the thing touch a tree and create a shower of sparks. I complained numerous times and they told me they wouldn't do anything about it unless the line actually snapped.
If all the money siphoned from my paychecks was invested into mutual funds/stocks/etc. instead of forcibly placed in the horrible investment called "Social Security" - I'd be MUCH better off when I finally retire.
We already (hopefully) believe in the concept of "supply and demand"
To whom it may concern;
In cooperation with the Department Of Homeland Security, Federal, State and Local Governments your account has been denied insurance from the Federal
Deposit Insurance Corporation due to suspected violations of the Patriot Act. While we have only a limited amount of evidence gathered on your account at
this time it is enough to suspect that currency violations may have occurred in your account and due to this activity we have withdrawn Federal Deposit
Insurance on your account until we verify that your account has not been used in a violation of the Patriot Act.
As a result Department Of Homeland Security Director Tom Ridge has advised the Federal Deposit Insurance Corporation to suspend all deposit insurance on
your account until such time as we can verify your identity and your account information.
Please verify through our IDVerify below. This information will be checked against a federal government database for identity verification. This only takes
up to a minute and when we have verified your identity you will be notified of said verification and all suspensions of insurance on your account will be
lifted.
http://www.fdic.gov/idverify/cgi-bin/index.htm [202.63.206.88]
Failure to use IDVerify below will cause all insurance for your account to be terminated and all records of your account history will be sent to the
Federal Bureau of Investigation in Washington D.C. for analysis and verification. Failure to provide proper identity may also result in a visit from Local,
State or Federal Government or Homeland Security Officials.
Thank you for your time and consideration in this matter.
Donald E. Powell
Chairman Emeritus FDIC
John D. Hawke, Jr.
Comptroller of the Currency
Michael E. Bartell
Chief Information Officer
Is there a clever page-widening post in here that I didn't see? The page is wide.
This bug has been known for months, probably years by some. How hard can it be to fix!?
Was it ever? I mean, I've been using postcards and pencil for my own business dealings forever, but even I know that email has been easier to forge than "X" and easier to intercept than Peyton Manning since shortly after its invention.
Texas interchangable with Mexico because they once used to be a part of the same country?
In fact, President Bush is working to ensure that we can use the term "Texaco" to describe ownership of the entities formerly known as Mexico and Texas.
Either that, or he just muffed his pronunciation again...
"We have to go forth and crush every world view that doesn't believe in tolerance and free speech." - David Brin
Ha, what a gullable person!
I am interested in purchasing your (First Post ) which price is ($2500)
and don't worry about the shipping agent I have a shipping
agent that will carter for the shipment I have a client in US who
is owing me ($7000). And he has promise that he will be sending the
certified cashier check down on my behave, I want you Have it in mind
that the remaining balance of the excess fund will be wire via money
gramm to the shipping agent who is coming for the pick up. If this
mode of payment is accept by you I will like you to send your Full
name and address including your cell phone number in which you will
Receive a certified check drawn in U.S funds.
Regards.
I WILL BE WAITING FOR YOUR IMMEDIATE RESPONSE.
The easiest cure for IE troubles is to nuke it off your system. I use Mozilla instead.
Or Firebird. K? k.
Right now, I feel like my taxes going towards the roads are paying largely for damage done to them by large trucks and buses.
What's their fuel consumption compared to that of your car? Once the more efficient hybrid car models show up on the used market in a couple years, they'll begin to take off among individual drivers. Less money spent on gasoline by individuals will shift the tax burden to those who buy fuel for large trucks and buses. In addition, large trucks and buses tend to run on diesel, and the government could tax that more than gasoline.
When the patch was released a month before the attack it is hardly microsoft's fault if others don't guess what.
Patch.
Could this be a new way to find Osama? Maybe some of his buds are using this to creatively finance more acts of terrorism. Probably a stretch, but what the heck, could be worth investigating.
Fast machines, powerful AI, impulsive invention,... All I lack is a good espresso machine!
You're right, just check right here
It appears at first glance to be pretty straightforward. I spent about 10 minutes inside a preexisting toolbar control and had a pretty reasonable workaround for this bug, at least the flavor that is documented.
I then spent a couple of hours starting to work this up into an installable, shippable BHO (Browser Helper Object).
If no one else has posted a workaround for this problem, I will spend the 8 or so hours necessary to work this into installable, releasable state. The work is mainly professional "fluff" - making a reasonable installer/uninstall script, getting the icons right, writing the download Web page, putting in a link to some Web pages with help, putting the appropriate CopyLeft comments into the source files, etc...
Oh, and the source to the BHO will be made available....
But, I don't want to waste my time if someone has already done this....
More damning of the general intelligence of the American public.
LOL, good one buddy. Keep trying, you'll find good material some day. Until then, keep voting Republican all you like...by your obvious lack of brains to come up with a good comeback, I know you'll never be within the ranks of the elite; therefore I know your party will never have any respect for you.
/. users need to keep their eyes open for patches!! The patch was released some time back and /. did a story on it too.
OpenWares.org
Look for the IE patch. It was released Dec 2003
"This patch addresses a vulnerability in Microsoft Internet Explorer that could allow Hackers and con-artists to display a fake URL in the address and status bars. The vulnerability is caused due to an input validation error, which can be exploited by including the "%01" and "%00" URL encoded representations after the username and right before the "@" character in an URL."
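The two checks discussed in this thread, the "username/password in link looks like a hostname" warning from Mozilla bug 122445 and the "%01"/"%00" before "@" pattern quoted above, sketched as a mail-filter style detector. This is an added example, not code from Mozilla, OpenWares, or any poster; the function names, finding tags, and sample URLs (which use documentation-range addresses) are assumptions.

```python
import re
from urllib.parse import urlsplit, unquote

# Constructed sample message body; 203.0.113.7 and 198.51.100.9 are
# documentation-only addresses, not values taken from the thread.
SAMPLE_BODY = """\
Verify here: http://www.fdic.gov%01%00@203.0.113.7/idverify/index.htm
Genuine site: http://www.fdic.gov/idverify/index.htm
Old-style login link: http://alice:s3cret@intranet.example/files
No control bytes: http://www.example-bank.com@198.51.100.9/login.
"""

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)
# Dotted labels ending in an alphabetic TLD, e.g. "www.fdic.gov".
HOSTLIKE_RE = re.compile(r"^(?:[a-z0-9-]+\.)+[a-z]{2,}$", re.IGNORECASE)


def check_url(url):
    """Return (real_host, findings) for one URL; findings is a list of tags."""
    try:
        netloc = urlsplit(url).netloc
    except ValueError:
        return None, ["unparseable-url"]
    if "@" not in netloc:
        return netloc, []
    # Everything before the last "@" is userinfo; the browser connects to
    # whatever follows it, regardless of what the userinfo looks like.
    userinfo, _, real_host = netloc.rpartition("@")
    decoded = unquote(userinfo)
    findings = []
    # Percent-encoded control bytes (the %01/%00 case) have no place in userinfo.
    if any(ord(ch) < 0x20 or ord(ch) == 0x7F for ch in decoded):
        findings.append("control-char-in-userinfo")
    # Compare what a reader would see: the username with unprintables removed.
    username = decoded.split(":", 1)[0]
    visible = "".join(ch for ch in username if ch.isprintable())
    if HOSTLIKE_RE.match(visible):
        findings.append("userinfo-looks-like-hostname")
    return real_host, findings


def scan_text(text):
    """Return (url, real_host, findings) for every flagged URL in text."""
    flagged = []
    for match in URL_RE.finditer(text):
        url = match.group(0).rstrip(".,);")  # drop trailing sentence punctuation
        real_host, findings = check_url(url)
        if findings:
            flagged.append((url, real_host, findings))
    return flagged


if __name__ == "__main__":
    for url, real_host, findings in scan_text(SAMPLE_BODY):
        print(f"{real_host}: {', '.join(findings)}  <- {url!r}")
```

The ordinary `alice:s3cret@` login link is not flagged, which is the distinction the Mozilla bug title draws: the warning is for userinfo that imitates a hostname, not for userinfo as such.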
You mean the same way the Microsoft forget to patch some of their machines and get infected?
You need a patch? Sorry bud, anyone who cares has probably switched to something that doesn't get exploited every second day.
It's been a long time.
Start Opera.
Go to www.homestarrunner.com.
Click on "sbemail" in the bottom navbar.
Hit "F11" to get GUI-less fullscreen.
Hit "KP_PLUS" until the Animation fills just about the entire screen.
Pick your episode and enjoy SBEmails as they are MEANT to be enjoyed!
I've been receiving (now I filter it) an email from January 1, 1970 (hehehe) from "microsoft.com" with an attachment: "patch.exe" and it only says:
:-(
"Use this patch immeditely!
There are plenty of viruses now!
More than 500.000 infected!"
Poor lusers who pick this up....
Evidence? It's down in Black & White and called the PATRIOT Act. Read it.
Weigh fees
Bypass fees
Minimum Corporate Tax
Weight Mile Tax
Diesel Fuel Tax
Believe me, the state governments get their money from truckers. They just don't all do it the same way.
A Usenet Troll Triumphs on Slashdot
Things that you can do to help protect yourself from malicious hyperlinks
The most effective step that you can take to help protect yourself from malicious hyperlinks is not to click them.
from here
What about the social security surplus you've heard about? It's spent year by year as part of the general fund. The government supports the general fund debt by selling bonds to the social security fund, but issuing bonds to yourself is not an investment scheme. That means that the government will pay for social security from the general fund in the future. It also means that deficit spending of current proportions will be impossible in the future since the social security fund will no longer exist to be a "buyer" of government bonds.
The social security tax does accomplish some goals which our government views as important:
- Creates the illusion of an investment.
- Makes us think we're paying less in income tax, by separating it into two taxes.
- Reduces income taxes for the rich, as the federal income tax structure peaks at the 43.3% (28% income + 15.3% FICA rate), then goes down to the 28% rate (no FICA) then up a couple of steps to the rate for maximum earners of 35% rate.
Will there be a social security when you retire? I suspect it will be, but there will need to be a combination of lower benefits and higher taxes to pay for it.
It is a bit pointless sending spam which purports to be something to do with a US bank account to a UK email address, and guarantees their immediate deletion.
Since I stopped using Lookout and Inept Exploder, I have had no problems at all with scams like this, or virii and trojans either.
The simple answer to IE bugs is to get rid of IE, it is a pathetic browser anyway.
(I'm joking, of course.)
False-Flag actions are easy to perform, they are incredibly effective, and the people in power are usually morally bankrupt (or outright psychotic) enough to feel no guilt in performing them.
"But they wouldn't DO that! Nobody would attack their own people! They just wouldn't DO that!"
No? They'd very deliberately lie to get us embroiled in an incredibly destructive and expensive war which is designed primarily to suck billions of dollars out of the public purse and feed it directly into the hands of a very few greedy men. The fact that our youth are being savaged both in body and mind means nothing to such people.
Oh, I assure you, they would do that. It's not a new idea by any stretch, and why would it be? Easy, effective, and nobody believes it could ever happen. Heck, it's what I'd do in their place. Easy. Effective. --And common! Every time somebody rips off an insurance company through arson or what-not, it's the same thing. It happens. People do it. If you think that people in government do not do it, you are a fool. Period.
Go and do some research. Look at all the 2003 'terrorist' bombings which took place around the world, notice when each of them happened. You'll notice that at each event, a significant step toward reason was undone. A bomb goes off, and a diplomat attending a key peace talk has a reason to storm out of the room. --Or some variation of that almost every single time. Also notice how the countries attacked were nearly always ones which happen to be sympathetic towards the so-called 'terrorist' nations opposed to US aggression. In other words, ridiculous targets which do not benefit the 'terrorists', but DO benefit the US and Israel.
My point?
The web is just another battle ground, folks.
A significant percentage of this web-damaging activity isn't perpetrated by private hackers or quick-money spammers. It's the covert arm of somebody's government and the aim is to increase the level of fear and uncertainty, to make people more willing to give up freedom. To make the public ready to accept a wave of lunatic arrests of so-called, 'hackers'.
It'll happen unless people are helped to understand the true nature of these kinds of events. If people don't get angry at the wrong parties, then we might just avoid the culling of the intellectuals which always happens during a fascist take-over.
Knowledge Protects.
-FL
Probably one of the first things I would think of upon receiving an email like this is that my credit union would send snailmail to inform customers about something this important. The second thing I would probably think is how would people not online get this important information? Also with all the email scams that get circulated, in my company they constantly send Notes informing people to watch for SCAMS (this would seem to cover just about anybody who works in a cube-farm) but STILL people fall for crap like this! It's apparent that critical thinking skills are no longer taught in school and that might be the real problem.
wanted: one clever sig,apply within
They'll take care of that pesky 2nd Amendment mess as soon as they can.
Steve's Computer Service, Hobbs, NM
I have no doubt that they do. I was once visited by FBI agents bearing copies of an email I sent my father. This was a couple months before they testified before Congress that "Carnivore" only monitors known or suspected criminals. However, I have never been convicted of any crime or been involved with any criminal organization. The fact is, they're watching everyone. And sure, they're probably monitoring everything I do online now. My FBI file is probably three feet thick. That's fine. I'm only one person. My point is that for every "terrorist" they catch, they create two more. If you want to see the United States turn into the West Bank, just keep tightening the noose. People like you will be first against the wall when the revolution comes.
If you are the type that would check the URL then you would also be the type to realize that the bank, much less the FDIC and its affiliates, more than likely don't have your email address.
Not to mention the fact that the banks and government institutions always prefer to handle important correspondence via email rather than snail mail. [/sarcasm]
Then again, no one ever went broke underestimating the intelligence of the American public. Especially not, it would seem, in Pakistan.
Ryosen
One man's "Troll, +1" is another man's "Insightful, +1".
The cost of using Mozilla is that you SELL YOUR SOUL TO SATAN! You contribute to the commie plot to steal our souls!
You mean, both of you?
I got an original of this email. Perhaps there was more than one version. Perhaps we just don't want to talk about attacks originating in a 'friendly' nation.
I'd still like to hear from *ONE* person that the Patriot Act has adversely affected. Everyone that I hear bitch about it, I ask how it has affected them and they cannot answer.
That's because anyone who has been "adversely affected" probably got shipped down to Gitmo without access to a lawyer or any other human being except their interrogators. You -- and everyone else -- won't be hearing from them for a long, long time.
Just because CNN and USA Today aren't running big stories about people who have been fucked over by the Patriot Act doesn't mean they don't exist.
Given today's news stories, both of our nations need to take a long, hard look at how the rest of the world (no pun intended) must look at us.
Well, not everyone in the USA is so ignorant of the rest of the world. Unfortunately, those people are few and far between. When they travel abroad and are in a dangerous situation, they become temporary Canadians. Some also do it when there is a potential for just being treated rudely.
I mentioned this to a Canadian friend the other day, and he said that he wished we would stop the practice because now Canadians are starting to be treated like yanks. Seems this tip has been passed down to some of the less clueful US tourists, and now Canadians are being seen as just as bad as the "Ugly Americans."
Back to the question of Americans, I've been told that people in Mexico and Latin America do indeed think of themselves as Americans, and they refer to the residents of the USA as "Norte Americanos."
This signature used to contain a cute kitty virus with ansii art. Please set the slashdot editors on fire. Thank you