Thanks for the pointer. Looks like, in addition to potential credit card fraud, these spammers also are guilty of 2 of the 12 Scams Most Likely to Arrive Via Bulk Email:
(2) forging sender address
(5) peddling dieting medicine of dubious efficiency
Unfortunately, the online complaint form is down at the moment...
Michael says : "completely open any time you browse the web with IE. "
Story says "who view a specially constructed Web page"
That's like saying: "it's not dangerous to walk Central Park by night, the only dangerous thing is to get near a robber". Problem with both reasonings: how is the casual user going to know in advance whether the the Web page is specially constructed or not? Or whether that man over there is a robber who'll turn around the next second, and stick a gun on you?
Actually, if you had read the link, you could have found a real argument in your favor: the exploit does actually pop up a suspiciously looking "Save file" dialog, which you wouldn't normally get for html or gif files. However, for a PDF file, the same dialog would be much less surprising, so just name your thing exploit.pdf.exe...
There's always the chance of fraud, but a business that accepts credit cards has essentially been pre-screened by the bank for you.
Then how come some fligh by night spammers are able to accept credit cards? In this example, firstly, they spam, secondly, they sell non FDA approved medicine, and thirdly, they claim on their order form that it is SSL protected but in reality it is not. But still, they somehow got hold of a merchant account...
Always let the mouse hover on any link in Slashdot before you click on it. This will display the link's true destination in the browser's status bar, and any goatsex reference will be obvious (unless the prankster space-padded the link as well...).
Note: I said browser, not Internet Exploder. Not sure whether IE is able to give such advance warning.
Sure, there will be spam that also has you send you money to China/Afganistan etc, but that will make the spam much less profitable, as most people won't do so. Lastly, most people will use credit cards, and I assume that most SPAM scams are frauds too, so the chargebacks will be hell for the spam beneficiary.
Chargebacks will be especially nice when spam fighters start submitting hundreds of bogus orders, with made up CC numbers. Perfectly safe if you use an open proxy, and pretty effective too (as long as the check digit matches, but it is easy to produce matching numbers...): for verification beyond check digit, the spammer has to pass card number, expiration date and billing/shipping address to his card processing firm before he can know the thing is bogus, but for each card check that turns out negative, it gives the spammer a black mark. Eventually, he'll be kicked...
Everybody knows that spammers often like to use open mail relays which are located in China. And they do this, because they know very well that the Chinese are very unreactive in closing those down.
However, how about the following idea: if a spam relay is not closed within, say, 2 business days, we start using it ourselves... to spam thousands of Chinese email addresses with anti-communist articles from various news sources. I betcha, that relay will get closed down real quick.
Works fine in konqueror too. Well except for the fact that it only uses the left half of the screen, but what do you expect from such a web-averse firm as KPMG?
Much more fun than all the Rush Limbaugh emails I used to get; these would have secret details of stuff days or weeks before it was due to be released by the press.
And, were these details of any use in the stock market;-)
... but what if you find a bag of sugar instead? Who's gonna telle you that there really is no anthrax inside? Especially if you find it at a location such as N 45 2.001 W 122 40.911?
Quite a few European countries have had problems with terrorosts for years.
It's a problem of scale. In Europe, you get bombs in supermarkets or subway stations, car bombs near the roadside, some minor politicians shot or stabbed, but nothing really serious. So far, the Tour Montparnasse is still standing, Chirac is still alive, Bridges are still safe to cross, and while the Alp tunnels are now considered unsafe, this is due to accidents, rather than to deliberate acts of terrorism.
In Europe, most acts of terrorism have a death toll of 1 or 2 per incident, and maybe 10 wounded. In the US, you get 4000 deaths plus a very high-profile landmark destroyed. Not really the same scale.
Just take the headers of your spam, leave the Received-from line containing the spammers IP and sent date intact, replace the body with "interesting" contents, and inject it via an open proxy + open relay to a random address...
Should be fun to watch. Just make sure to not get caught yourself in the FBI's net.
WEP doesn't secure worth spit even with 128 bits because they implemented the whole protocol as an insecure system.
We already know that, and probably Disney does too. But who says that they aren't using some application-level encryption on top of WEP. Crack WEP, and you'll be staring at an additional layer of encryption (SSL, whatever).
President Bush and his staff are very concerned about a cyberwar, because it can be waged without physically having Arabs in the States to commit the terrorism. That is very dangerous indeed.
Well, terrorism can easily be waged without having Arabs in the States, even without resorting to cyberwar. As Oklahoma City has shown, it's enough to have Rednecks in the States. Kudos though for disguising your racist drivel well enough to get modded up to 2.
That's the German spelling. However, AFAIK, the French and English spelling is Nurenberg.
Just like you say Roma in Italian, but Rome in French and in English, and Rom in German. Or Straßburg in German, vs. Strasbourg in French. Or Bâle vs Basel...
Many of the larger European cities have different spellings in different languages.
Hey, maybe this is the way to get that old great online humor site back in the black!
A quick whois search shows that the following domains are all taken. I wonder whether they sell subdomains...:
dick.com
mydick.com
suckmydick.com
cock.com
mycock.com
suckmycock.com
ass.com
myass.com
kissmyass.com
.net and.org variants seem to be taken as well. However cansuckmydick.com and variants are still free, but maybe that name is a little bit too long for most registrar's taste.
Slashdot Mirror
Unfortunately, the online complaint form is down at the moment...
That's like saying: "it's not dangerous to walk Central Park by night, the only dangerous thing is to get near a robber". Problem with both reasonings: how is the casual user going to know in advance whether the the Web page is specially constructed or not? Or whether that man over there is a robber who'll turn around the next second, and stick a gun on you?
Actually, if you had read the link, you could have found a real argument in your favor: the exploit does actually pop up a suspiciously looking "Save file" dialog, which you wouldn't normally get for html or gif files. However, for a PDF file, the same dialog would be much less surprising, so just name your thing exploit.pdf.exe...
This is very interesting... Do you know how to report such scams to the credit card Co's (any useful mail addresses, phone numbers, ...)?
Any time I see 3D, I think of those =3D spews of crappy mail clients, which still insist on using quoted-printable.
Then how come some fligh by night spammers are able to accept credit cards? In this example, firstly, they spam, secondly, they sell non FDA approved medicine, and thirdly, they claim on their order form that it is SSL protected but in reality it is not. But still, they somehow got hold of a merchant account...
... to see who is the first to come up with a recognizable 8x18 rendition of you-know-who.
Always let the mouse hover on any link in Slashdot before you click on it. This will display the link's true destination in the browser's status bar, and any goatsex reference will be obvious (unless the prankster space-padded the link as well...).
Note: I said browser, not Internet Exploder. Not sure whether IE is able to give such advance warning.
You don't make sense. Please read up on what an open relay is. I even provided a link in my article. And please, don't kill your aunt.
Chargebacks will be especially nice when spam fighters start submitting hundreds of bogus orders, with made up CC numbers. Perfectly safe if you use an open proxy, and pretty effective too (as long as the check digit matches, but it is easy to produce matching numbers...): for verification beyond check digit, the spammer has to pass card number, expiration date and billing/shipping address to his card processing firm before he can know the thing is bogus, but for each card check that turns out negative, it gives the spammer a black mark. Eventually, he'll be kicked...
However, how about the following idea: if a spam relay is not closed within, say, 2 business days, we start using it ourselves... to spam thousands of Chinese email addresses with anti-communist articles from various news sources. I betcha, that relay will get closed down real quick.
Works fine in konqueror too. Well except for the fact that it only uses the left half of the screen, but what do you expect from such a web-averse firm as KPMG?
Didn't you know? It's Slashdot's "link policy" to never inform any target before linking to it.
now they're down. what conclusion will they draw from this episode?
I dunno... Maybe to keep their landsharks on a short leash, lest they'll be bitten themselves?
And, were these details of any use in the stock market ;-)
Especially since it gives you some plausible deniability, in case you're just doing plain old wardriving...
Careful here, or your printer might get a virus!
Wanna buy one?
It's a problem of scale. In Europe, you get bombs in supermarkets or subway stations, car bombs near the roadside, some minor politicians shot or stabbed, but nothing really serious. So far, the Tour Montparnasse is still standing, Chirac is still alive, Bridges are still safe to cross, and while the Alp tunnels are now considered unsafe, this is due to accidents, rather than to deliberate acts of terrorism.
In Europe, most acts of terrorism have a death toll of 1 or 2 per incident, and maybe 10 wounded. In the US, you get 4000 deaths plus a very high-profile landmark destroyed. Not really the same scale.
Should be fun to watch. Just make sure to not get caught yourself in the FBI's net.
We already know that, and probably Disney does too. But who says that they aren't using some application-level encryption on top of WEP. Crack WEP, and you'll be staring at an additional layer of encryption (SSL, whatever).
Hrmm, maybe one minute equals 60 seconds?
Well, terrorism can easily be waged without having Arabs in the States, even without resorting to cyberwar. As Oklahoma City has shown, it's enough to have Rednecks in the States. Kudos though for disguising your racist drivel well enough to get modded up to 2.
Just like you say Roma in Italian, but Rome in French and in English, and Rom in German. Or Straßburg in German, vs. Strasbourg in French. Or Bâle vs Basel...
Many of the larger European cities have different spellings in different languages.
That town is called Nurenberg, and incidentally, its area code is 911...
A quick whois search shows that the following domains are all taken. I wonder whether they sell subdomains...: