Category: Tech

Posted on
by

Space Shuttle Atlantis has landed safely. *whew!* I’m getting more nervous about shuttle missions lately. In part, it’s the greater focus on all the things that could go wrong. In part, it’s the realization that you know, the shuttle fleet really is aging.

But mostly, I think it’s the fear that, given reactions to the Columbia disaster, our nation may be only one disaster away from writing off space—or at least humans in space—entirely.

Speaking of Atlantis, the Bad Astronomy posted a fantastic photo by Thierry Legault of the shuttle and the International Space Station passing in front of the sun!

Posted on
by

Here’s another example of randomly-generated spam somehow being appropriate:

This morning I received an image-based stock spam. The sender’s name was listed as “eye gouging.” Yes, spam does sometimes make you want to gouge out your eyes (or perhaps the spammer’s). May I recommend the Grammar Spork™ (NSFW: language) for such cases?

Posted on
by

I just read an interesting post from Microsoft’s Internet Explorer team on The IE7 User-Agent String. This statement in particular illustrates a problem not unfamiliar to Opera users:

There are a few remaining sites which fail to recognize IE7 because they are performing exact string matches to look for specific IE version strings. Those checks will need to be removed or updated to accommodate IE7.

Yes, you read that correctly: there are websites out there using bad browser sniffing code which will send the wrong code to Internet Explorer 7. In fact, they go on to say that they’ve released a tool which will let IE7 pretend to be IE6!

To enable you to workaround any remaining sites that block access to Internet Explorer 7, we developed the User Agent String Utility. The utility comes in the form of a small executable that opens an IE7 instance that sends the IE6 user agent string. It also provides a mechanism for you to report problem web sites to Microsoft so that we can follow up with the affected site owners.

I’ll admit to a certain amount of schadenfreude, but it also points up just how bad a strategy browser sniffing can be when done thoughtlessly: It effectively builds an expiration date into your website after which even the browser you designed it for will run into problems.

*This post originally appeared on Confessions of a Web Developer, my blog at the My Opera community.

Posted on
by

I just spotted a rather disturbing phishing message in (of all places) our abuse contact mailbox:

Subject: Fraud Prevention Measures

Dear customer!

Due to high fraud activity we constantly increasing security level both for online banking and card transactions. In order to update our records you are required to call MBNA Card Service number at 1-800-[removed] and update information on your MBNA card.

This is free of charge and would not affect any transactions with your card. Please note this is necessary to provide highest security level for all transactions with your card.

No HTML tricks. No links to fraudulent websites. Just a phone number.

I can only assume this is a response to high-profile inclusion of antiphishing features in Internet Explorer 7 and in Firefox 2. If there’s no website, there’s nothing for a web browser to check.

And of course by not using sneaky technical tricks in the message, it’s harder for tools like ClamAV, spam filters, or mail clients to detect.

Incidentally, does anyone else find it ironic that one of the most common phishing techniques is to exploit people’s fear of being phished?

Further reading: Anti-Phishing Working Group.

Posted on
by

I’ve noticed a new subset of blog spam over the past few months: Jokes. Instead of just filling the comment with links to the spamvertized site, it’ll either leave the the link in the author URL field, or toss a couple links in at the end, but the bulk of the comment will actually be a joke.

Generally they tend to be story-type jokes, the kind you’ll find on, say, Jumbo Joke. This is probably an effort to build up enough comedic content to overwhelm the presence of links to a porn or pillz site. A similar technique had a brief heyday maybe a year ago in email spam, though I haven’t seem many of them lately.

It’s still spam—there’s no way I’m letting those comments and links onto the site—and Spam Karma still catches them. Still, it at least makes the spamtraps a little more interesting than the endless morass of links and keywords.

On another note, I’ve been seeing a lot more email spam targeting the abuse contacts lately. I don’t know what they think they’re accomplishing, since the people reading abuse@wherever are most likely to report them and least likely to buy from them. I mean, “Greetings Abuse!!!” doesn’t seem an effective way to begin a sales pitch.

»All pages site-wide with this tag