perkonis

In December 2003, German citizen Khaled el-Masri boarded a bus in Germany for a holiday in Skopje, Macedonia. Instead of a restful vacation, the Muslim man of Lebanese heritage says he ended up in a Central Intelligence Agency isolation cell in Afghanistan as a suspected terrorist.

read more | digg story

Spam is spam is spam. I try to stay on top of it, but some days it’s difficult.

To help me keep the crap comments out of here (and I don’t mean mine, thank you very much) I have been using the Akismet and Simple Trackback Validator plugins and blocking the worst offenders in my .htaccess file.

It works well, but that’s a lot of work. Unbeknownst to me, I could have just gotten some “protection” against the spammers…

/cue Godfather theme

Anikrichard | anlikivanna.80@mail.ru | wwwwww.com | IP: 72.9.235.218
hello , my name is Richard and I know you get a lot of spammy comments ,
I can help you with this problem . I know a lot of spammers and I will ask them not to post on your site. It will reduce the volume of spam by 30-50% .In return Id like to ask you to put a link to my site on the index page of your site. The link will be small and your visitors will hardly notice it , its just done for higher rankings in search engines. Contact me icq 454528835 or write me tedirectory(at)yahoo.com , i will give you my site url and you will give me yours if you are interested. thank you

Not Spam — Sep 5, 11:31 AM — [ View Post ]

Hopefully I won’t receive a horses head in my inbox for declining this gracious offer.

As a consolation prize, I would like to present the award for Dumbest Comment of the Year. This will also be in the running for Dumbest Comment Ever.

It started innocently enough. A quick text message reminding me that I hadn’t paid my cell phone bill. Oops. No problem, I pay nearly almost all my bills online so I’ll just head over to Sprint’s site and give them some jack. Quick and easy, right?

Wrong.

My first inkling that this wasn’t going to be quick and painless came when I couldn’t log in. Sorry, wrong credentials. Thanks for playing.

Ok, I keep a list of my usernames and passwords in my head where they routinely become corrupted. So I hit the “Forgot password” link only to be told that my username doesn’t exist. Hmmm, that’s not right. The next logical step was to hit the “Forgot username” link and give it my email address. Ah, I do exist (Good to know) and would receive an email with my username shortly.

Apparently in Sprint terms shortly means about 45 minutes at which time I received a stunningly brilliant message… (more…)

Just when I thought I was winning the security battle, along come the users. Even worse, upper management type users.
I finally convinced the powers that be that 123456789 was most definitely not a secure admin password for the server. And first_name/last_name were not good credentials for user logons. You laugh because you think I’m kidding. I’m not.
I figured the best way to win this battle was to take a preemptive strike. I waited until everyone was out of the office leaving me with no adult supervision. Then I struck. I changed passwords on everything that looked like it needed a new password. Which was everything but the coffee pot (I still can’t get the darned thing to run Linux). And I made them as long and as complex as I could make them. Upper case, lower case, alpha, numeric, special characters, 12-20 characters, the works. I’m not pretending that strong passwords are a cure all for security, but it’s the most obvious (and easiest) place to start. And previously our practices were ridiculous.
I figured a good way to keep track of them was to type up a spreadsheet and store it in a hidden TrueCrypt volume on my hard drive. I encrypted that and protected it with a 20 character alpha numeric special character password. I was pretty pleased with the result figuring it was pretty safe there.
Then the big bosses came back.
So I gave them a printed copy of all the passwords with instructions to keep them locked in a safe place. I explained that they would not need that info unless I were hit by a bus. Two of them took that to heart. Out of three. After all my efforts, I found one of them writing all the usernames, passwords, and URLs in his frikin day planner!!! WTF? Maybe I should open our WAP and broadcast the admin password as the SSID. Or just tape my key to the front door.

I saw this in with my normal run of comment spam today…

Xenical online….

Xenical lawsuits. Xenical. How long for results xenical. Cheap prices on xenical. Cheap xenical. Cheap xenical diet pills. Xenical tablets….

OK, I’m by no means a marketing guru, but it would seem to me that when you are trying to con persuade people to buy your product, you probably should not open the sales pitch by mentioning lawsuits.
Yeah, I know it’s all about blackhat SEO, but asuming they were able to spam their way up Google, I still think that opening the con sales pitch with the word lawsuit is a dumb idea. Yet another reason I wouldn’t make a good spammer. Well, that and the fact that I couldn’t possibly match the 7346 words of my most recent spam comment. Seriously. 7346 words, 46140 characters. That’s impressive.

I should know better. Should being the operative word there.
Since I am our IT department at work (I was the only one who could spell IT) I’m always harping on security. Left to their own devices my users (who all outrank me) tend to do really dumb things. Like disable firewalls, uninstall anti-virus, and connect to any random ad-hoc network they see. I have the envious task of edumacating them.
So far I have done a pretty good job. They let Windows install updates (they weren’t even on SP1 a year and a half ago), they keep their anti-virus up to date, and they quit surfing somewhat shady websites. They even quit storing information that should be secure in plain text on a laptop. I seem to be setting a good example.
Then today I remembered that some time ago I had to share my printer. Didn’t need to do that for long, but I forgot to “unshare” it when I was done. Care to guess how I figured that out? Yeah, the printer automagically spit out a page when someone else in the motel decided to use it.
I’ll turn in my geek card in the way out.

I installed Coppermine on my site a few weeks ago. I just wanted to try it out to get a feel and see if it was something I really wanted to use. Since I didn’t really have much of a purpose in mind, I left most of the settings at their default, uploaded a few pics I had floating around, and pretty much ignored it for a couple of weeks figuring I would get around to finding a use for it some day.

One of the features of Coppermine is the ability for users to rate the pictures and add comments. Sounds like good idea in theory. Theory and real world application, as usual, don’t agree. The default setting is to allow anyone and anything to posts comments and this is where things got interesting. Somehow a bot herder found my little site that gets next to zero traffic. Unfortunately I hadn’t ever gotten around to installing any kind of analytics code in the gallery so I wasn’t able to get much detail on what happened next.

(more…)