Just what we need. Netcraft reports a worm that installs a network sniffer.

What’s that? It’s a program that listens in on traffic going across your network, looking for things like, oh, login names and passwords, credit card numbers, etc. They’re the reason online commerce requires SSL encryption.

Sniffers work because of the way Ethernet is designed. Basically, your local network is like holding a conversation in a crowded room. You focus on the people you’re talking with, and you tune out other people as best as you can. (In this case there’s also someone at the door who can relay your words to someone in another room, and relay back their responses.) To hold a private conversation you have to go somewhere else or talk in code. A traffic sniffer just doesn’t tune anyone out, so it picks up on everything in your local network.

So now, no matter how well you guard your own computer, if some moron on your network manages to get infected by Worm.SDBot (which thankfully hasn’t been spotted “in the wild” yet), you could still be handing out your email login/password when you log onto Yahoo/Hotmail/Outlook/etc.

You just might want to use that “secure login” option. Assuming, of course, that you have one.

Via Email Battles: First ‘warspamming’ case reaches court.

Basically the guy (allegedly) drove around LA with a laptop looking for insecure wireless networks, then connected to them and sent spam using people’s home accounts.

The term comes from wardriving — driving around looking for unsecured networks — and warchalking — marking walls or sidewalks to indicate the presence, type and speed of the networks found. Early wardrivers discovered that Pringles cans make good amplifiers.

Further etymology: according to the Jargon File, war-driving is a play on war dialer. War dialers were programs that would call up a series of phone numbers looking for modems, faxes, or other phone-based systems they might be able to crack into. And that term started out as wargames dialer, a reference to the film WarGames. (Whew!)

It turns out that warspamming is older than I thought: the term was coined two years ago, though this is the first case to go to trial. The defendant is being tried under CAN-SPAM, which went into effect this past January.

An interesting statement from the article:

If Tombros is convicted or pleads guilty then warspamming — also known as drive-by spamming — will move from being just a theoretical possibility to a genuine threat.

What, so in the two years since someone came up with the idea, no one has ever seen it done? And we have to wait for a conviction to determine whether it’s happened now? We don’t need to wait for a trial to know that spammers — an annoyingly resourceful lot — are using thousands of virus- and spyware-infested home computers as zombies. Warspamming doesn’t even require programming skills (or ties to virus writers — although I understand access to already-compromised networks has become a brisk business on the black market). Surely someone has logs to show that it’s been done.

Update October 4: The defendant was convicted. Apparently, this is the first conviction obtained under CAN-SPAM. (via The War on Spam)

Not five minutes ago I received my first 419 scam in a language other than English.

What’s strange is that even though it uses normal case and I can’t read more than a few words of French, it’s still obvious what it is. It has the same general structure with the opening, the “Excuse me for contacting you even though you don’t know me” line (I think), talks about a sub-Saharan African nation (Côte d’Ivoire), and of course, “($8,500,000) Huit Millions Cinq Cent Mille Dollars Américains.”

Microsoft responds to Apple’s contention that portable video isn’t a big market:

“Ask kids in the back of a car on a two-hour trip, ‘Hey, would you like to have your videos there?’ My kids would,” Gates said. “I guess Steve’s kids just listen to Bach and Mozart. But mine, they want to watch ‘Finding Nemo.’ I don’t know who made that, but it’s really a neat movie.”

Yeah, who was that?

Via Weblog about Markup & Style:

Dive Into Mark provides an excellent example of why a browser shouldn’t second-guess file types.

Safari content sniffing for XHTML

It’s a screenshot of Safari looking at a text document… but the first line mentions XHTML, so it’s decided that’s what it must be. I’ve had lots of trouble with Internet Explorer doing the same thing, and Safari’s been aiming at bug-for-bug compatibility in order to “break” as few sites as possible.

[Edit: After the source blog was taken down, I grabbed the screenshot from archive.org and uploaded it here.]
