Samy’s Banished

Samy Kamkar is the one who, over a year ago, unleashed a self-propagating exploit (the Samy worm) on MySpace that caused anyone who viewed his profile, or his friends’ profiles, to automatically request to be his friend. MySpace filed a civil suit against Kamkar, who pleaded guilty and is now banished from the Internet for an undisclosed amount of time. The plaintiffs claimed that they are “committed to protecting our community from any abusive misuse of the site.”

Frankly, after reviewing the code and reading his explanation of the method, I found that the hack only worked in IE and certain versions of Safari. In reality the exploit targeted both the browsers and MySpace: his code should never have executed in the browsers at all. News Corp. should go after Microsoft as well, since they are equally responsible for this exploit. Regardless, it’ll be interesting to see how they will go about keeping him off the Internet.

In other news, Boston needs to get a brain. Overreacting to the ten or so PCBs with LEDs attached and a black plastic bag protecting the batteries was idiocy. If the police can’t tell the difference between a bomb and an LED sign, how are they supposed to do their job? Seriously, the media needs to stop spreading misinformation and disinformation before people revolt against them. Oh wait, that’s already about to happen (the Internet, YouTube, p2p, etc.).

-John Havlik

[end of transmission, stay tuned]

Stupid Phishers, I’m No Idiot

Today someone claiming to be part of the Chase-Security Support Service sent me an e-mail claiming that they ‘discovered’ recent activity on my account and that I had to log in to my Chase Online account to resolve the issue. Funny how they ‘knew’ that I ‘have’ a Chase card, which I don’t.

Hovering over the hyperlink showed that they had discreetly inserted a bit of cover text so the average moron would think it was valid: instead of going to https://chase.com or some related URL, the hyperlink pointed to some adsl-numbers host followed by the cover text http://chase.com/… Knowing that this was definitely a scam, which Thunderbird also warned of, I clicked the link. Firefox displayed the address as http://jaew.us/login.htm with additional variables passed in the address, definitely a scam. I tried the https version and got an access forbidden.

I have taken the liberty of contacting JPMorgan Chase, notifying them of this scammer, who wants your name, credit card number, mother’s name, social security number, and CVV2. After collecting this information (I provided fake values, such as 123 12 1234 for the social security number and [Expletive] You Scammer as my ‘name’), I was sent to Chase’s real website, which is semi-vulnerable since it redirects https traffic to its http server.

-John Havlik

[end of transmission, stay tuned]
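The two tricks in the message described above, a visible URL that differs from the real destination and a trusted-looking URL smuggled into the path of the real one, are easy to catch mechanically. The following is an added example, not code from the original post: it pulls the anchors out of an HTML message and reports why each link is deceptive. The message, hosts and paths are constructed to mimic the one described (the post gives only the "adsl-numbers" host shape and the cover text http://chase.com/…), and phish.example stands in for the real landing host. It goes a step beyond the post by also flagging the user-info trick (https://chase.com@phish.example/), which browsers resolve to the host after the @.

```python
"""Deceptive-link check for an HTML e-mail, modelled on the Chase phish above.

Added example, not code from the original post. The anchor text, hosts and
paths below are constructed; only the "http://chase.com/" cover text and the
adsl-style host shape come from the post.
"""
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample of the kind of message described (not the real e-mail).
SAMPLE_HTML = """
<p>We discovered recent activity on your account. Please log in to resolve the issue:</p>
<a href="http://adsl-68-12-34-56.example-isp.net/http://chase.com/login/">https://chase.com/online/</a>
<a href="https://chase.com@phish.example/login.htm?id=42">https://chase.com/</a>
<a href="https://www.chase.com/">https://www.chase.com/</a>
"""


class LinkCollector(HTMLParser):
    """Pair each <a href> with the text the reader actually sees."""

    def __init__(self):
        super().__init__()
        self.links = []      # list of (href, visible text)
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def registrable_host(url):
    """Host the browser will connect to (userinfo before '@' is ignored)."""
    return (urlsplit(url).hostname or "").lower()


def classify_link(href, text):
    """Return the reasons a link is deceptive; an empty list means it looks honest."""
    reasons = []
    parts = urlsplit(href)
    real_host = registrable_host(href)
    # 1. Anchor text that looks like a URL but whose host differs from the href's host.
    if re.match(r"https?://", text, re.I):
        shown_host = registrable_host(text)
        if shown_host and shown_host != real_host:
            reasons.append(f"anchor text shows {shown_host} but href goes to {real_host}")
    # 2. A trusted-looking URL buried in the path or query as cover text.
    if re.search(r"https?://", parts.path + "?" + parts.query, re.I):
        reasons.append("href path embeds another URL as cover text")
    # 3. Userinfo trick: https://chase.com@phish.example/ connects to phish.example.
    if parts.username:
        reasons.append(f"href carries userinfo '{parts.username}' before the real host {real_host}")
    return reasons


def deceptive_links(html):
    """Return [(href, visible text, reasons)] for every anchor in the message."""
    collector = LinkCollector()
    collector.feed(html)
    return [(href, text, classify_link(href, text)) for href, text in collector.links]


if __name__ == "__main__":
    for href, text, reasons in deceptive_links(SAMPLE_HTML):
        print(text, "->", href, "|", "; ".join(reasons) or "looks honest")
```

The check deliberately uses the same URL parser a client would, so what it calls the "real host" is the host the browser connects to, not whatever appears first in the string.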


Immersion Into PHP

After finishing my school work, I went to work on improving CribSense. My current implementation of CribSense on my blog is an old ‘build’, somewhere around build 0005, while the current alpha is build 0014. Currently I’ve replaced just about all of the original PHP code in preparation for plug-in integration into WordPress. Once all of the work that I can do without a MySQL database and WordPress installation is finished, I’ll begin testing WordPress integration. I will open the code to the world for testing in a public beta some time shortly afterwards. Currently I need to finish some XHTML work so that I have the form needed for the password override, which will work along the lines of “if you are logged in, you aren’t evil and are exempt from the IP ban”. Later on I will add a ‘learning’ ability to CribSense which will allow it to quick-ban (1 day or less in duration) any IP that sends more than three comments that are considered spam by Spam Karma or Bad Behavior or that end up in moderation.

Right now I’m doing a test with build 0005 on this blog to see if the spammer that I mentioned in the previous post has given up on my blog yet or not. If so, I can set up some automatic removal of IPs so that legitimate users are protected better than just through the account method.

-John Havlik

[end of transmission, stay tuned]
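The ban rules sketched in the post above (logged-in users exempt, a quick ban of a day or less once more than three comments from one IP are flagged) can be modelled in a few dozen lines. This is an added example, not CribSense’s own code, which is PHP; the model is written in Python with the spam verdict supplied by the caller, as Spam Karma, Bad Behavior or the moderation queue would supply it. The one-day counting window, the injectable clock, and the `QuickBan` class name are assumptions made for this example.

```python
"""IP quick-ban policy of the kind the CribSense post sketches.

Added example, not CribSense's own code. Assumptions: the spam verdict per
comment comes from elsewhere as a boolean; flagged comments are counted over a
one-day window; the clock is injectable so the expiry logic can be exercised.
"""
import ipaddress
import time
from collections import defaultdict, deque

SPAM_THRESHOLD = 3        # "more than three" flagged comments triggers a ban
SPAM_WINDOW = 24 * 3600   # counting window for flagged comments (assumption)
BAN_SECONDS = 24 * 3600   # "1 day or less"


class QuickBan:
    def __init__(self, threshold=SPAM_THRESHOLD, window=SPAM_WINDOW,
                 ban_seconds=BAN_SECONDS, clock=time.time):
        self.threshold = threshold
        self.window = window
        self.ban_seconds = ban_seconds
        self.clock = clock
        self._hits = defaultdict(deque)   # ip -> timestamps of flagged comments
        self._bans = {}                   # ip -> expiry timestamp

    def _prune(self, ip, now):
        """Drop flagged-comment timestamps that fell out of the window."""
        q = self._hits[ip]
        while q and now - q[0] > self.window:
            q.popleft()

    def is_banned(self, ip, logged_in=False):
        """Logged-in users are exempt: this is the 'password override'."""
        if logged_in:
            return False
        expiry = self._bans.get(ip)
        if expiry is None:
            return False
        if self.clock() >= expiry:
            del self._bans[ip]            # ban has lapsed; forget it
            return False
        return True

    def record_comment(self, ip, flagged_spam, logged_in=False):
        """Record one comment verdict. Returns True if this comment caused a ban."""
        ipaddress.ip_address(ip)          # reject garbage before it reaches the ban table
        if logged_in or not flagged_spam:
            return False
        now = self.clock()
        self._prune(ip, now)
        self._hits[ip].append(now)
        if len(self._hits[ip]) > self.threshold and not self.is_banned(ip):
            self._bans[ip] = now + self.ban_seconds
            self._hits[ip].clear()        # start counting afresh after the ban lapses
            return True
        return False

    def banned_ips(self):
        """Currently banned addresses, e.g. for exporting to a block list."""
        now = self.clock()
        return sorted(ip for ip, exp in self._bans.items() if exp > now)
```

Because the exemption is checked before the ban table, a logged-in user whose home IP was banned by a spambot behind the same NAT still gets through, which is exactly the case the override exists for.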

Today’s Magic Numbers Are: 38.96.1.97

Since the stability issues a few days back, I’ve obtained a new ‘friend’, Mr. ‘Bonifacius’ from some non-existent website. This spammer uses the IP address 38.96.1.97 which is associated with Cogent networks. Not to worry, I’ve already sent a nice letter to their abuse department. Hopefully, on Monday I’ll know this person’s real name, address, phone number, e-mail and all the other goodies necessary to let the Feds have their way with the spammer.

Bonifacius is a mildly retarded spambot persona; he only says one phrase in his comments, and this phrase is: “Great article. I am just sad I dont know how to reply properly, though, since I want to show my appreciation like many other.” A quick Google search for this phrase turns up fewer than a few hundred results for this spammer, most of them WordPress-based blogs that must not be running any anti-spam plug-ins.

From what I’ve seen, Bonifacius spams a blog differently than most do. The typical spambot will crawl a blog and then post wherever possible. Bonifacius, instead of crawling a site, will only check to see if it is a WordPress blog. A week or so later, Bonifacius will start pushing data to the wp-comments-post.php file. It starts with the first post, then tries the next post the next hour. This process continues until either there are no more articles (wouldn’t that be pleasant), or until it is blocked or trapped, as it is on my blog. I haven’t tested to see if the spambot stops after it reaches the end of the posts or continues on to infinity; if it does, that’s very bad, as it wastes bandwidth on both ends.

-John Havlik

[end of transmission, stay tuned]
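The behaviour described above, one POST to wp-comments-post.php per hour walking the posts in order, leaves a distinctive shape in the web server’s access log. Below is an added example, not part of the original post, that finds that shape: it parses Apache combined-format lines, groups comment POSTs by client IP and flags any IP whose POSTs arrive about an hour apart, listing the post IDs from the referer where one is present. The log lines are constructed for the example; the timestamps, the blog host and the second visitor are invented, and only the spammer’s IP comes from the post.

```python
"""Spot the once-an-hour comment-bot pattern described above in an access log.

Added example, not part of the original post. Log lines are constructed in
Apache combined format to mimic the described behaviour; everything except the
spammer's IP (38.96.1.97) is invented.
"""
import re
from collections import defaultdict
from datetime import datetime
from statistics import median

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

# Constructed sample log: the bot walks posts 1..4 an hour apart, one real
# visitor (10.1.1.5) reads and comments once, and the fourth bot POST is the
# one that finally got a 403 from the blacklist.
SAMPLE_LOG = """\
38.96.1.97 - - [03/Feb/2007:01:02:11 -0600] "POST /wp-comments-post.php HTTP/1.1" 302 0 "http://blog.example/?p=1" "Mozilla/4.0"
10.1.1.5 - - [03/Feb/2007:01:05:40 -0600] "GET /?p=7 HTTP/1.1" 200 8123 "-" "Mozilla/5.0"
38.96.1.97 - - [03/Feb/2007:02:02:13 -0600] "POST /wp-comments-post.php HTTP/1.1" 302 0 "http://blog.example/?p=2" "Mozilla/4.0"
10.1.1.5 - - [03/Feb/2007:02:10:02 -0600] "POST /wp-comments-post.php HTTP/1.1" 302 0 "http://blog.example/?p=7" "Mozilla/5.0"
38.96.1.97 - - [03/Feb/2007:03:02:09 -0600] "POST /wp-comments-post.php HTTP/1.1" 302 0 "http://blog.example/?p=3" "Mozilla/4.0"
38.96.1.97 - - [03/Feb/2007:04:02:15 -0600] "POST /wp-comments-post.php HTTP/1.1" 403 0 "http://blog.example/?p=4" "Mozilla/4.0"
"""


def parse_log(text):
    """Yield one dict per well-formed combined-format line, with a parsed timestamp."""
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if m:
            entry = m.groupdict()
            entry["time"] = datetime.strptime(entry["ts"], "%d/%b/%Y:%H:%M:%S %z")
            yield entry


def comment_posts_by_ip(entries):
    """Group POSTs to the WordPress comment handler by client IP."""
    by_ip = defaultdict(list)
    for e in entries:
        if e["method"] == "POST" and e["path"].startswith("/wp-comments-post.php"):
            by_ip[e["ip"]].append(e)
    return by_ip


def metronome_bots(text, min_posts=3, period=3600, tolerance=300):
    """Return {ip: (count, median_gap_seconds, post_ids)} for IPs whose comment
    POSTs arrive about once every `period` seconds (within `tolerance`)."""
    hits = {}
    for ip, posts in comment_posts_by_ip(parse_log(text)).items():
        if len(posts) < min_posts:
            continue
        posts.sort(key=lambda e: e["time"])
        gaps = [(b["time"] - a["time"]).total_seconds() for a, b in zip(posts, posts[1:])]
        mid = median(gaps)
        if abs(mid - period) <= tolerance:
            ids = []
            for e in posts:
                m = re.search(r"[?&]p=(\d+)", e["referer"])
                if m:
                    ids.append(int(m.group(1)))
            hits[ip] = (len(posts), mid, ids)
    return hits


if __name__ == "__main__":
    for ip, (count, gap, ids) in metronome_bots(SAMPLE_LOG).items():
        print(f"{ip}: {count} comment POSTs, median gap {gap:.0f}s, posts {ids}")
```

The median gap, rather than the mean, is what makes the check robust to a single long pause when the bot was blocked for a while; the referer-derived post IDs are only a bonus, since a bot is free to omit or forge that header.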

CribSense Alpha

Introducing CribSense, an anti-spam blacklist suite for keeping those you don’t want visiting your site out. I’m just beginning to test it, but it’s a nice spoof of the Websense proxy block pages; you can check it out at the link provided below. I’m seeing if this will have a nice effect on the spammer that is attacking my blog about once every hour right now.

Here is the link: CribSense

-John Havlik

[end of transmission, stay tuned]