20090926 Sky spam

I have pretty much reduced my physical communications (i.e. letters) to nothing. My bank doesn’t send me extracts of the operations that I am already aware of –because I check them online. My phone company doesn’t send me a physical invoice. Same for the internet provider. Except there are still companies like Sky who keep [...]

20090724 Nigerian scams go further

This time they have been really creative. What an amazing story to start the day! The interesting technical detail is that it seems they are using the site of a certain Bonnie Langford (Wikipedia says she’s an actress and entertainer) to propel their spam into the UK, as I see by looking at the headers: [...]

20081219 The irony of spam

As soon as I posted yesterday’s analysis on eBay scams, I began to get a lot of pingbacks from quite suspiciously looking websites, with domains like ebayblog.info, ebay4you.info, etc… all of them using the .info TLD, which is one of the most commonly used by spammers as far as I have seen. So it seems [...]

20081218 eBay scams

Everything began with this scam, which I received several times. I kept copies just for the sake of observing what would follow. Since you know, once s(c|p)ammers get your e-mail address, the rubbish stream won’t stop flowing: The missing ‘Sony Vaio PCG-VGX Brand New’ Hi again, i have no laptop from you by now if [...]

20071213 Get defacements, database dumps, remote shells, ownages and much more!

It works like that: you write dynamic code and allow parameters to be sent to your code. Then without any type of filtering or validation you use those raw values as parameters for your code. I’ll give you two examples so that you can get the result almost instantly: Example 1: open up your database [...]