Samy’s Banished

Samy Kamkar is the one who, over a year ago, unleashed an exploit on MySpace that caused anyone who viewed his profile, or his friends’ profiles, to automatically request to be his friend. MySpace filed a civil suit against Kamkar, who pleaded guilty and is now banished from the Internet for a classified amount of time. The plaintiffs claimed that they are “committed to protecting our community from any abusive misuse of the site.”

Frankly, after reviewing the code and reading the explanation of his method, the hack only worked for IE and certain versions of Safari. In reality the exploit was of both the browsers and MySpace; his code should never have executed in the browsers. News Corp. should go after Microsoft as they are equally responsible for this exploit. Regardless, it’ll be interesting to see how they will go about keeping him off the Internet.

In other news, Boston needs to get a brain. Overreacting to the ten or so PCBs with LEDs attached and a black plastic bag protecting the batteries was idiocy. If the police can’t tell the difference between a bomb and an LED sign, how are they supposed to do their job? Seriously, the media needs to stop spreading misinformation and disinformation before the people revolt against them. Oh wait, that’s already about to happen (the Internet, YouTube, p2p, etc).

-John Havlik

[end of transmission, stay tuned]

Spammed to Death, and Death to all Spammers

This weekend this blog, and every blog hosted by Weblogs.us, were down due to an unusually high amount of spam targeted against our blogs. As this downtime frustrates users and the administrators who try to keep everything running smoothly, the decision to investigate the situation and follow suit against the parties responsible for the attacks has been made. JD is going to spend part of his Thanksgiving weekend down in Tulsa attempting to resolve server complications created by the spammers. These selfish acts on behalf of the spammers will not go unpunished.

On a lighter note, only two more days until Thanksgiving break. On a disappointing note, the new Weblogs.us website may not be launched this week, due in part to the recent spam attacks. On an irrelevant note, someone did a half-baked job of making my Lifetime Fitness club ID card.

-John Havlik

[end of transmission, stay tuned]

Stupid Phishers, I’m No Idiot

Today someone claiming to be part of the Chase-Security Support Service sent me an e-mail claiming that they ‘discovered’ recent activity on my account and that I had to log-in to my Chase Online account to resolve the issue. Funny how they ‘knew’ that I ‘have’ a Chase card, which I don’t.

Hovering over the hyperlink, I saw that they had tried to discreetly insert a bit of cover code so the average moron would think it was valid, but instead of going to https://chase.com or some related URL, the hyperlink pointed to some adsl-numbers link and then the cover http://chase.com/… Knowing that this was definitely a scam, which Thunderbird warned of, I clicked the link. Firefox displayed the address as http://jaew.us/login.htm with additional variable passing in the address, definitely a scam. I tried the https version, and got an access forbidden.

I have taken the liberty of contacting JPMorgan Chase, notifying them of this scammer, who wants your name, credit card number, mother’s name, social security number, and CVV2. After collecting this information, for which I provided fake information such as 123 12 1234 for the social security number, and [Expletive] You Scammer as my ‘name’, I was sent to Chase’s real website, which is semi-vulnerable since it redirects https traffic to its http server.
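The mismatch described above, where the visible link text names one host and the href goes to another, can be checked mechanically. The following PHP is an added example, not part of the original post; the function names and every host in the sample message are constructed for illustration.

```php
<?php
// Added example (PHP 8+, ext-dom). All sample hosts below are constructed.

// Host part of a URL; bare "chase.com/..." text gets a scheme for parsing only.
function hostOf(string $url): ?string {
    if (!preg_match('#^[a-z][a-z0-9+.-]*://#i', $url)) {
        $url = 'http://' . $url;
    }
    $host = parse_url($url, PHP_URL_HOST);
    return is_string($host) ? strtolower(rtrim($host, '.')) : null;
}

// Same host, or one is a subdomain of the other (www.chase.com vs chase.com).
function sameSite(string $a, string $b): bool {
    return $a === $b || str_ends_with($a, '.' . $b) || str_ends_with($b, '.' . $a);
}

function findMismatchedLinks(string $html): array {
    if (trim($html) === '') return [];
    $doc = new DOMDocument();
    libxml_use_internal_errors(true);          // e-mail HTML is rarely well-formed
    $doc->loadHTML($html);
    libxml_clear_errors();
    $findings = [];
    foreach ($doc->getElementsByTagName('a') as $a) {
        $href = trim($a->getAttribute('href'));
        $text = trim($a->textContent);
        // Compare only absolute web links whose visible text is itself an address.
        if (!preg_match('#^https?://#i', $href)) continue;
        if (!preg_match('#^(https?://)?[a-z0-9.-]+\.[a-z]{2,}(/\S*)?$#i', $text)) continue;
        $shown  = hostOf($text);
        $target = hostOf($href);
        if ($shown === null || $target === null) continue;
        if (!sameSite($shown, $target)) {
            $findings[] = ['shown' => $shown, 'target' => $target, 'issue' => 'host mismatch'];
        } elseif (stripos($text, 'https://') === 0 && stripos($href, 'http://') === 0) {
            $findings[] = ['shown' => $shown, 'target' => $target, 'issue' => 'https shown, http used'];
        }
    }
    return $findings;
}

// Constructed message body: the first link is deceptive, the second is consistent.
$mail = '<p>Sign in at <a href="http://adsl-host.example.net/r?to=http://chase.com/">'
      . 'https://chase.com/</a> or see <a href="https://www.example.org/help">'
      . 'www.example.org/help</a>.</p>';
echo json_encode(findMismatchedLinks($mail), JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES), "\n";
```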

-John Havlik

[end of transmission, stay tuned]


Emersion Into PHP

After finishing my school work, I went to work on improving CribSense. My current implementation of CribSense on my blog is an old ‘build’, something along the lines of build 0005, while the current alpha is build 0014. Currently I’ve replaced just about all of the original PHP code in preparation for plug-in integration into WordPress. Once all of the work that I can do without a MySQL database and WordPress installation is finished, I’ll begin testing WordPress integration. I will open the code to the world for testing in a public beta some time shortly afterwards. Currently I need to finish some xHtml work so that I have the form needed for password override, which will work on the lines of “if you are logged-in, you aren’t evil and are exempt from the IP ban”. Later on I will add a ‘learning’ ability to CribSense which will allow it to quick ban (1 day or less duration) any IP that sends more than three comments that are considered spam by Spam Karma or Bad Behavior or end up in moderation.

Right now I’m doing a test with build 0005 on this blog to see if the spammer that I mentioned in the previous post has given up on my blog yet or not. If so I can set up some automatic removal of IPs so that legitimate users are protected better than just through the account method.
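The quick-ban rule, the logged-in exemption and the automatic removal of expired IPs described in the two paragraphs above fit together as in the following PHP sketch. It is an added example and not CribSense code: the class name, constants and in-memory arrays are assumptions, and the spam verdict from the filters is passed in as a plain boolean rather than through any plugin API.

```php
<?php
// Added sketch, not CribSense code. Names and the in-memory store are assumptions.
const SPAM_THRESHOLD    = 3;      // ban on "more than three" flagged comments
const QUICK_BAN_SECONDS = 86400;  // quick ban lasts one day

final class QuickBan {
    private array $strikes = [];      // ip => flagged comments seen so far
    private array $bannedUntil = [];  // ip => unix time the ban ends

    // $flagged: the comment was marked spam by a filter or held for moderation.
    public function recordComment(string $ip, bool $flagged, int $now): void {
        if (!$flagged || filter_var($ip, FILTER_VALIDATE_IP) === false) return;
        $this->strikes[$ip] = ($this->strikes[$ip] ?? 0) + 1;
        if ($this->strikes[$ip] > SPAM_THRESHOLD) {
            $this->bannedUntil[$ip] = $now + QUICK_BAN_SECONDS;
            unset($this->strikes[$ip]);   // counting restarts after the ban
        }
    }

    public function isBlocked(string $ip, bool $loggedIn, int $now): bool {
        if ($loggedIn) return false;                  // logged-in users are exempt
        if (!isset($this->bannedUntil[$ip])) return false;
        if ($now >= $this->bannedUntil[$ip]) {        // automatic removal on expiry
            unset($this->bannedUntil[$ip]);
            return false;
        }
        return true;
    }
}

// Constructed scenario: one address sends four flagged comments a minute apart.
function demo(): array {
    $bans = new QuickBan();
    $ip = '203.0.113.7';   // documentation-range address
    $t0 = 1700000000;
    for ($i = 0; $i < 4; $i++) {
        $bans->recordComment($ip, true, $t0 + 60 * $i);
    }
    $banStart = $t0 + 180;  // time of the fourth flagged comment
    return [
        'anonymous, just banned' => $bans->isBlocked($ip, false, $banStart + 1),
        'logged in, same IP'     => $bans->isBlocked($ip, true, $banStart + 1),
        'anonymous, a day later' => $bans->isBlocked($ip, false, $banStart + QUICK_BAN_SECONDS),
    ];
}
var_export(demo());
```

A WordPress plug-in would keep both arrays in the database so that strikes and bans survive between requests.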

-John Havlik

[end of transmission, stay tuned]