Tag Archives: spam

Captain X-Ploit Halloween special: 28 Stores Later

Posted on by

The Adventures of Captain X-Ploit:
– Part 4 of the week long Halloween special –
28 Stores Later

David boarded the first flight to Minnesota on his way to The Mall of America. Surely he could spend a relaxing Halloween in a mall he thought. Never have malls been a scene of horror he thought.

Several hours later at the mall:

David walked from store to store enjoying the sights and sounds of the biggest mall he’d ever visited. After a while, however, the people seemed to start acting strangely. Their normal strides devolved to leg-dragging hobbles. Their eyes glazed over and their ability to give him proper change had all but vanished. David continued to shop, determined to not have his Halloween ruined by the simple emergence of zombies.

Try as he might however, it did interfere with his plans, because after about four hours all of the dead-eyed monsters promptly dropped their thin pretense of humanity and wandered out of the stores and began to commit, what David considered the most disgusting, vile act imaginable. They started distributing advertisements for Viral-agra.

A well dressed, clearly non-zombie man walked up to David and spoke hastily. “My name is Joseph Webster. President Ted has sent me to ask if you could help fix this zombie outbreak. I am to lend as much aid as possible.”

“I think fate has destined me to have a crappy Halloween,” David sighed, “I assume simply killing the infected is unacceptable?”

“Ted said he’d prefer an outcome in which the infected NOT die. After all, election season is upon us. He said we don’t necessarily have to cure them, just stop the outbreak and preferably stop them from distributing those tasteless ads.” Joe paused gauging the scowl on David’s face, “In case it matters, I have managed to track the source of the infection.”

“Really?” David brightened visibly, “That’s certainly a step in the right direction. Take me there.”

A few minutes later:

They were standing outside a local adult bookstore. David could see how Joe had discovered this. Healthy patrons walked in and monsters walked out. David bowed his head in shock and shame. “They are disgracing the once respectable name of porn.”

After walking into the store it was immediately apparent what was going on.  People were filing into a room with a door labeled “free porn” one by one. Those leaving seemed to have some strange device attached to the back of their heads. After entering the room they saw that people would walk-in, sit in a chair and put their face into a view screen expecting porn, but instead a control device was attached to the back of their head and they were kicked out of the room. David promptly walked over to the machine and when the room was empty, placed an “out of order” sign on the machine and waited for the next group.

After informing the next group that the machine was broken he wandered out of the room, over to the counter and promptly demanded to speak to the owner of the store. The attendant walked off and returned with the owner, a tall dark haired man who’s outfit and demeanor all but screamed “hacker”.

“The ‘free porn’ machine is broken. I sat there, like forever, man, and NO PORN!” David said, attempting to sound stupid enough to impress the poser, “I’m pissed man, I want my money back!”

The owner raised an eyebrow, “You want your $0.00 back?”

“Yes! and I want it fixed NOW!”

The owner agreed to fix the machine if David agreed to be first in line once it was fixed. When they entered the room David explained, “See dude, when I sat down there was no porn! All I saw was these stupid credit card numbers flashing with names and stuff.”

A huge grin appeared on the owners face as he promptly sat down and put his face in the view screen.

A few minutes later:

The owner of the store was trying to sell them “Viral-agra”, while Joe and David discussed what to do next. “I’m afraid if we destroy the machine it might kill the zombies for good or at very least return them to their previous pseudo-zombie existence. Besides this situation seems too potentially beneficial to just destroy,” David remarked.

“Agreed,” Joe said, “Any ideas?”

“Well, yeah actually. I was thinking, if you could reprogram the machine, I could stop people using it.”

“I can do that!” Joe agreed, happy to assist, “But what do you want the zombies to do?”

Several hours later:

Joe had reprogrammed the machine and David had changed the sign from “free porn” to “free print newspapers” they found themselves back at the mall enjoying the rest of the shopping day. They were only occasionally interrupted by a dead eyed shopper asking if they had heard the million reasons they should re-elect Ted for president.

David shoveled another handful of candy into his mouth and looked at Joe saying “You know, I think my Halloween is finally going to be normal… well, as normal as a Halloween spent in a mall full of political zombies can be.”

“I’m glad, Ted’s told me about what you’ve been through,” Joe said, “It sounds like you could use a rest. Especially with this competition with Sara coming up.”

“Indeed.” David said, “Yes, indeed. But, that’s another story for another week I believe. For now I’m just going to enjoy the candy and watching the zombies try to walk up the down escalators.”

“Sounds like a plan. Mind if I join you?” Joe asked.

“Not if you keep that candy coming,” David responded as his default, worry-free smirk crept across his face.

So finally after all these episodes of Captain X-Ploit, I get to make an appearance! Not just a cameo but an actual feature performance! And it is in an homage to one of my all time favorite horror masterpieces, George Romero’s Dawn of the Dead. While the title of the episode makes a perfunctory nod to the more recent, and vastly inferior, zombie flick 28 Days Later, it’s all about Dawn. I love how these zombies exhibit behavior we’ve all come to expect – distributing spam for erectile dysfunction products. In a stroke of classic Captain X-Ploit genius, rather than shut down the zombie network our heroes – that’s right there’s two of them now counting moi – decide to exploit the network for their own ends. Namely to distribute campaign spam for President Ted. Happy Halloween from everyone at Security For All!

Putting the smackdown on old school spam

Posted on by

Guess what I got today?
Envelopes I’ll throw away
Pamphlets, brochures on clothes
Samples, tampons, nylon hose
Junk mail junk mail
From Junk Mail by Circle Jerks

Lately I’ve been getting back to basics with entries like this one that have tremendously useful (would you believe marginally useful?) ideas that actual people can apply. In real life even. Well this post takes that even further. I’ve gathered some information on how you can reduce your postal mail spam footprint. That’s right, postal mail. Snail mail. The stuff in that box outside your door. Nowadays pretty much everything I receive through the US Postal Service is some kind of junk mail. So I decided to share with you, dear readers, some stuff I learned from these great articles including this one in LifeHacker all about The Best Sites, Numbers, and Forms for Banishing Junk Mail and this one in Senior Brigade called How to Reduce Telemarketing Calls and Junk Mail.

Jacqui Cheng at the always informative Ars Technica has offered up four great starting points to hit the most egregious tree-choppers and mailbox stuffers:

Note that some of the sites mentioned above have offerings and rules are that are not terribly obvious, so check out the original Ars Technica article for additional details. They are pretty amusing as well as informative. In addition to those links the folks at LifeHacker and Senior Brigade have gathered some other sites to help reduce your junk mail that I’ve summarized here.

  • Go straight to the junk mail source – The “We really aren’t intentionally annoying” section of the Direct Marketing Association is a Mail Preference Service. Sign in to opt out of catalogs and newsletters you don’t want. Your name will remain on this “delete file” for five years. Alternatively you can complete this form, or draft a letter including your name and address, and mail it to:
    DMA Mail Preference Service
    P.O. Box 9008
    Farmingdale , NY 11735-9008
  • Send mail for previous owners/occupants to the real-world bit bucketLos Angeles County’s Dept. of Public Works suggests the following: “If the former residents of your house neglected to fill out a ‘Change of Address Form’ or it expired, you can fill one out for them. You must fill out a card for each unique last name. On the card write ‘Moved, Left No Forwarding Address’ as the new address. Sign your own name and write on the form ‘Form filled in by current resident of the house, (your name), agent for the above’. Once submitted, this information will be entered into the U.S. Postal Service’s National Change of Address (NCOA) database and remain active for a year and a half.”
  • Slice up credit card offers – The Big Three credit bureaus—Experian, TransUnion, and Equifax offer a toll-free number you can call to remove your home and identity from their third-party hand-outs: 1-888-5-OPTOUT (1-888-567-8688). You can also visit http://www.optoutprescreen.com where you can choose to opt out for five years, or permanently. You can also call the same number or visit the same website to opt back in. Like that would ever happen.
  • Filter out porn mail – The U.S. Postal Service gets real cranky when the stuff they deliver to your mailbox is sexually explicit. Just grab Form 1500, “Application for Listing and/or Prohibitory Order,” from the USPS’ PDF forms listing (Google Docs version here), fill it out, file it, and lose the nasty stuff.
  • Just say no to coupon packs – Val-Pak, Carol Wright, and ADVO offer up the bundled packs of coupons that some folks really groove on. If you are not one of those folks, Obviously.com lists the big three coupon opt-out methods in their junkmail how-to, along with many more junkmail avoidance ideas.
  • Be uncharitable to charity solicitations – Just because you gave once doesn’t mean you want to continue giving forever. Unfortunately very few charities have anything like opt-out forms on web pages. And almost all of them share donor information promiscuously. As do magazines and other subscription publications. Tell magazines to which you subscribe, and charities to which you donate, that you don’t want them to share your name with other businesses or charities. Request the same from mail order companies. The BBB Wise Giving Alliance recommends sending a letter informing the charities you do support that you don’t want your information given out and asking the other charities by mail to stop contacting you. Be sure to include the original mailing label, which often has information needed to process your request.
  • Tell your bank to keep their junk out of your mailbox – Read the privacy policies of your credit card companies and banks. The policies must give you an “opt-out” option, by which you can tell the bank not to share your personal information with other companies. The bank may still be allowed to share your information with its “affiliate” companies. Weasels.
  • Don’t play sucker games – Don’t enter sweepstakes and drawings. The main purpose of many contests is to compile mailing lists. If you enter one contest, you are likely to receive mailings from other contests.

There are more ideas on how to stop junk mail and telemarketing at the Federal Trade Commission

So now in addition to Inbox Zero maybe we can get to Mailbox Zero.

Email advice for the rest of us

Posted on by

Coming up on the second anniversary of Security For All (no, this is not THAT entry – it’s coming) I realize that I’ve been remiss about the “For All” part of Security For All. Lately it’s been all about copyright enforcement shenanigans, e-discovery technicalities, Fourth Amendment, privacy issues and Captain X-Ploit parables and nary a peep about how a real person (read non-ultra-geek) can save what’s left of their privacy and avoid being abused on the Internet. I was particularly struck while reading this article entitled 10 things non-technical users don’t understand about your software (no, this isn’t about THAT article either – although it is quite good in a software engineering kind of way) wherein the author, Andy Brice, makes these points.

Techies are happy to play with software to see what it does. They aren’t usually too worried about trying things because they can rely on some combination to undo, version control and backups to reverse most changes and they can usually judge when a change won’t be reversible. Non-technical users aren’t so confident and won’t try things in the same way. In fact some of them seem to think that a wrong move could cause the computer to burst into flames.

Unskilled users often don’t realize how unskilled they are.

That is a nasty but common combination. The implications include users who are afraid of trying things out, because they might “break something” and when they need help don’t have the skill or experience to ask or even know what to ask. Recently I installed a new iMac for my mom. I made sure that she had all of the necessary security software installed and configured including a password safe, made sure that her iSight camera was working so that she could video chat and even transferred all of her photos, addresses and music. In other words she was ready to roll. Or so I assumed. The next day she called me in a panic because her “screen went blank” and the iMac appeared to be dead. After a great deal of troubleshooting over the phone I determined the root of the problem: the iMac was powered off and she didn’t know where to find the power button. So that great work configuring and securing her new computer was useless when she doesn’t know how to turn it on. All of the preceding is an epiphany and mea culpa. I’m returning to the roots of this blog (for this entry at least) with some email advice for everybody.

I’ve written about sending safe email before, but I recently came across this pair of articles by Chad Perrin in TechRepublic. This first, entitled Basic e-mail security tips and the follow-on Five tips for avoiding self-inflicted email security breaches. I’ve condensed these into a single list with my commentary, but you should definitely check out Chad’s full articles.

1. Never allow an e-mail client to fully render HTML or XHTML e-mails without careful thought. At the absolute most, if you have a mail client such as Microsoft Outlook or Mozilla Thunderbird that can render HTML e-mails, you should configure it to render only simplified HTML rather than rich HTML — or “Original HTML” as some clients label the option.

Chad goes so far as to suggest that you use an email client that doesn’t render HTML at all. I wouldn’t go that far but I would agree that you shouldn’t automatically allow HTML. This is the default setting for most email clients. So let’s step back a second and explain some things. First off “HTML and XHTML” are computer “languages” that allow you to see nice page layouts, pictures, sounds and movies in your email. It’s the same stuff you see when you surf the web. A web page is usually HTML that is rendered (“translated”) by your web browser into all of those previously mentioned cool things. So since HTML can automatically download and display stuff like pictures, movies and music from the web, it can also download bad stuff like links to phishing sites or malware that looks like a picture or movie but is really something bad. So if this is the same thing that your web browser displays all the time, then why is it a problem with email? Unlike your web browser which doesn’t copy anything to your computer unless you allow it to, your email program makes a copy on your computer before it even tries to display it. So the bad stuff is already there just waiting to be activated. So be very careful before you “download pictures” in an email (your email program should ask first) and don’t select “always download pictures”. Even when they’re from Dear Old Aunt Alice. Especially if they’re from Dear Old Aunt Alice.

2. If the privacy of your data is important to you, use a local POP3 or IMAP client to retrieve e-mail. This means avoiding the use of Web-based e-mail services such as Gmail, Hotmail, and Yahoo! Mail for e-mail you wish to keep private for any reason.

What he’s getting at here is that you should not use the “webmail” application with these services. That is don’t check your email from a web browser. All of the services mentioned are also POP3 or IMAP servers that your email program can get email from. Unfortunately this can be pretty tricky to set up and you will probably need to get some help to do it right. The main thing to realize is this: those “free” web-based email services aren’t free (sorry but Grandma was right – there is no free lunch). They make money from their advertisers and YOU are the product they offer to those advertisers. So all of those companies would prefer that you leak as much private information to them as possible. It makes you a more valuable product.

3. It’s always a good idea to ensure that your e-mail authentication process is encrypted, even if the e-mail itself is not. The reason for this is simple: You do not want some malicious security cracker “listening in” on your authentication session with the mail server. If someone does this, that person can then send e-mails as you, receive your e-mail, and generally cause all kinds of problems for you (including spammers).

This is very important. It sounds technical – and it is  – but it’s not that hard to find out if your email program is set up right to do this. Just go to the “accounts” set up screen and make sure that the settings include something called “SSL” or “TLS”. If instead it says “cleartext authentication” or “password sent clear” that is bad. Most Internet Service Providers (ISPs)  have been doing “secure authentication” by default for years. They only support the older (bad) stuff for really old computers, but if you have been with your ISP for a long time then you might never have changed your original settings. Definitely check this out. Also be aware that the web-based email services mentioned earlier all have this feature as well, but it is not on by default. They would like everyone to be able to access their service even from broken old web browsers or old smart phones that don’t communicate the right way. That’s not for you. In Gmail (the one I use and know the most about) under the general settings there is a choice to “always use https” which is a fancy way of saying “use a secure connection”.

4. If, for some reason, you absolutely positively must access an e-mail account that does not authorize over an encrypted connection, never access that account from a public or otherwise unsecured network. Ever. Under any circumstances.

This is spot on. It may be convenient to check your email using a web browser on your laptop, iPad or Droid from Starbucks, but be aware that it’s also very convenient for the bad guys to see everything you do – from afar. I’ve written before about using public WiFi safely. The main point being – don’t be an idiot. There’s a reason public WiFi is called that.

5. Turn off automated addressing features: As communication software accumulates more and more automated convenience features, we’ll see more and more cases of accidentally selecting the wrong recipients. A prime example is Microsoft Outlook’s “dreaded auto-fill feature,” where it is all too easy to accidentally select a recipient adjacent to your intended recipient in the drop-down list.

Yes indeed. Your email software contains all sorts of convenient features with which you can easily shoot your foot off. Or at least seriously embarrass yourself. Just make sure that your outgoing message is really going to it’s intended recipients – and ONLY the intended recipients – before you hit SEND.

6. Use BCC when sending to multiple recipients: It’s a bad idea, from a security perspective, to share email addresses with people who have no need for them. It is also rude to share someone’s email address with strangers without permission. Every time you send out an email to multiple recipients with all the recipients’ names in the To: or CC: fields, you’re sharing all those email addresses with all the recipients.

I can’t count the number of times I have gotten email from a well-meaning friend or acquaintance that has added me to a mailing list where every email address on the list is visible to every recipient. In some cases I might even know many of the people on the list, but that doesn’t mean that they want an unsavory character like myself knowing their email address. In case you are interested – or are one of the egregious offenders I mentioned – I use special email rules for all emails I receive where I’m part of a mailing list. Special in the sense that the message goes straight to the trash and black-lists the sender’s address if there are multiple visible recipients. So long and don’t bother to keep in touch.

7. Save emails only in a safe place: No amount of encryption for sent emails will protect your privacy effectively if, after receiving and decrypting an email, you then store it in plain text on a machine to which other people have access. Sarah Palin found out the hard way that Webmail providers don’t do as good a job of ensuring stored email privacy as we might like.

Boy Howdy! I’ve also written about that very incident, in this entry about Sarah Palin and the great Yahoo! angst.The point here is one of the fundamental principles of security – be it information security or physical security – If you don’t control the location of the thing you want to protect, you can’t protect the thing. Whether it’s a classic car, the formula for Coca Cola or a email message. Last time I checked, you don’t have any control over Gmail, Yahoo! or Microsoft mail servers. You do, on the other hand, control your own computer. Learn from Sarah’s email mistakes.

8. Use private accounts for private emails: Any email you share with the world is likely to get targeted by spammers — both for purposes of sending mail to it and spoofing that email address in the From: field of the email headers. The more spammers and phishers spoof your email address that way, the more likely your email address is to end up on spam blocker blacklists.

If you are someone who insists on sending to mailing lists (we call that spam in the infosec biz) at least do it from some throwaway public email address you don’t care about – just like the real spammers. Because I guarantee that it won’t be long before real spammers are using that address anyway and then you won’t be able to send an email to anyone from that address. And for you Canadian readers, it’s probably best to avoid this behavior entirely as the Canadian government takes a rather dim view of spammers – intentional or otherwise.

9. Double-check the recipient, every time — especially on mailing lists: Accidentally replying directly to someone who sent an email to a mailing list, when you meant to reply to the list, isn’t a huge security issue. It can be kind of inconvenient, though, especially when you might never notice your email didn’t actually get to the mailing list.

This is a corollary to #5. So let’s just keep this real simple – avoid mailing lists. Sure they are convenient for sending out invitations to your soirée but seriously, how many times do you invite the exact same group of people to your soirées? And by the way, that mailing list you keep for sending out those funny jokes and videos – you know the one – where do you think those all end up? See #6 if you are really interested. Otherwise ignorance is bliss. And a complete waste of bandwidth.

Gray haired computing part 3

Posted on by

In part 1 of this series we talked about finding the right computer system and decried the lack of availability of such systems. In part 2 we talked about how to get connected with friends and family when access to a computer system is impossible or impractical. So in this part we’ll start from the assumption that the senior in question – most likely yourself, dear reader – already has a computer system that is more or less usable and are ready to do something fun and useful with it. How do you get from senior citizen to senior netizen, from lost in space to hacker space without being pwned in the process. Actually it’s easier than you think. In fact you probably already know a whole lot more than you realize.

First off let’s define some of this confusing cyberspeak. I mentioned being “pwned” so let’s start there:

In hacker jargon, pwn means to compromise or control, specifically another computer, web site, gateway device, or application.

Why would someone want to do that? As it turns out that’s big business these days. You’ve probably heard about botnets. Here’s what that means.

Botnet is a jargon term for a collection of software robots, or bots, that run autonomously and automatically. Typically botnets are operated by criminal entities.

And what do those criminal entities do with botnets? Mostly they sell bandwidth and compute resources – from the pwned PCs (bots) – to spammers.

Spam is the abuse of electronic messaging systems (including most broadcast media, digital delivery systems) to send unsolicited bulk messages indiscriminately. The most widely recognized form of spam is e-mail spam.

Basically it breaks down like this: Your computer gets pwned and turned into a bot and becomes part of a botnet that is used to send spam like those “cheap viagra” emails that everybody receives.

Another thing you’ve probably heard about is phishing.

In the field of computer security, phishing is the criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication. Communications purporting to be from popular social web sites, auction sites, online payment processors or IT administrators are commonly used to lure the unsuspecting public.

Those are the two biggest threats on the internet. In fact they usually turn out to be a single threat. Here’s how that works: You get a phishing email that purports to be from your bank. Instead of sending you to your bank’s web site it links you to a malicious site that transfers malware to your computer, turning it into a bot.

Malware, short for malicious software, is software designed to infiltrate or damage a computer system without the owner’s informed consent. The term “computer virus” is sometimes used as a catch-all phrase to include all types of malware, including true viruses.

I’m guessing that right about now you are thinking “this sounds really complicated”. While plenty of companies,both legitimate and fraudulent, would like you to believe that, it’s actually not. In truth phishing and spreading malware is nothing more than con games being run in this new environment, the internet. The point being, it’s up to you to avoid being a mark. And this mainly requires a change in the way you think about communication over the internet.

I’ve written about this issue before in a post called the Technology generation gap.

There have been grifters and scam artists around since time immemorial, but it’s only been with the advent of the ubiquitously anonymous internet that the scams, schemes and spam have become pervasive. Back in the day, a grifter’s work was strictly up close and personal as opposed to nowadays when you can hit millions of marks with a single shot. Kind of like a knife fight versus carpet bombing.

You have to understand is that email is not like actual physical mail. It’s easy to get caught up in the abstraction of sending and receiving electronic mail. It appears to work exactly the same as sending or receiving correspondence. Only much faster. Unfortunately there are some dramatic differences between how mail and email work, and these differences make email significantly less private and reliable than mail. When you send a letter via mail it is picked up from a postal drop, transported through a series of post offices where it is postmarked and finally delivered to the intended recipient. Note that the same physical letter that was sent is received and the content of the letter often validates the identity of the sender. Junk mail is also easily identifiable as such. With email it works much differently. When an email message is sent, a copy is sent to and stored on the outgoing email server owned by the sender’s email provider. Then a copy of the message is broadcast over the internet and received, after any number of intermediate stops along the way, by the incoming email server owned by the recipient’s email provider. From there the recipient gets a copy of the email message. Note that there are at least 5 copies of the message created and stored on at least 5 different computers for that one email message. And the sender and recipient only have control over their respective copies. Also because email is by definition computer generated the content cannot be used to validate the sender’s identity. In other words, anyone can type “Dear Grama, … Love, Katey“, but it doesn’t make them Katey. Also, remember those postmarks on letters? They show you where the letter originated from. While email contains a record of where it was sent from, including all intermediate stops along the way, you can’t trust the voracity of this record. It can easily be “spoofed” to appear to be from anywhere the sender wishes. Furthermore since the bulk of the “daisy chain” of email message copies is not controlled by the sender or receiver it can be altered, corrupted or otherwise misused anywhere along the line and no one will be the wiser.

The next thing to understand is that the internet is designed to be anonymous. Just like the famous New Yorker cartoon: “On the internet nobody knows you’re a dog“. Unlike real life where we tend to trust people until they are proven to be untrustworthy, on the internet there are no people, as in actual living human beings, to trust. Actual humans are not directly responsible for a fair portion of internet traffic. Much of the content on the web is generated by bots or other automated processes. For us actual human internet users this requires a complete reversal of the way we’ve always thought about communication. In other words, we must assume that anything we get from the internet is suspect until proven otherwise. Guilty until proven innocent. This is the hardest thing for most of us who grew up before the information age to do. But it’s critical to understanding how the internet works.

The bottom line is this: Trust no one and don’t be an idiot. If it sounds too good to be true, it is. I mean seriously, when you see a scary message pop up on your screen like “your computer is infected with a terrible virus” ask yourself “why would anyone care about my computer?” The answer is obvious, and unless you enjoy being a sucker you’ll treat it the same way you would the street corner three-card-monty dealer. Move on. Nothing interesting here.

Now hold on there, bucko. It has to be more complicated than that. What about all that anti-virus stuff and anti-phishing services? What about Windows update? Well you got me there. The sad fact is that Microsoft Windows spawned a whole industry of snake oil products [Whoa! I knew I felt a conspiracy theory coming on!] that are now required for Windows users. But at least now the Microsoft serpents have eaten the other serpents [Woo Hoo! A vague biblical reference too!] with the introduction of Microsoft’s own anti-malware tools for free. So at least you won’t have to pony up annual subscriptions. Yet. So if you are running a Windows computer, threaten to cut the person who foisted it on you out of your will until they set this up for you. If you have a Mac or Linux computer just send the clever and generous person who gave you such good advice a digital smooch. But just remember, regardless of how much anti-malware stuff you have on your computer, or how up to date you are with all of those “security patches” you are still at risk if you act like an idiot. By contrast you could be running an old unpatched, unprotected Windows 2000 box and be just fine as long as you refuse to be a mark for online grifters.

So that’s the secret. Like most things in life, the easiest solution is the best.

Michelle vs. hot Ukrainians

Posted on by

Every so often you get a wickedly satirical comment that turns out to be wickedly insightful as well. Provided for your consideration is just such a witty piece from Chris Webster, a law student at University of Maryland at Baltimore.

Vnunet.com had this article about malicious spam purporting to be a sex scandal involving Barack Obama. You can get the article here.

Web monitoring firms are warning IT administrators to update their spam filters after a massive new spamming campaign was detected. Inboxes are filling up with spam claiming to have a link to a web site that carries video footage of a sexual indiscretion committed by presidential candidate Barack Obama. It alleges to show footage of him having sex with Ukrainians after a visit to the country last year.

Chris has this clever insight.

Michelle Obama v. hot Ukrainians? I can see that…

What does this say about idiot spam victims?

  1. they like to see online sex videos
  2. they like to believe the worst about Obama
  3. they think anything can happen in Ukraine
  4. they think everybody tapes everything
  5. if it’s on email it must be true!

Very interesting study in social engineering.
I personally think Putin is behind this web attack.
Reasons:

  1. he knows a lot about Ukraine ( and Ukraine’s girls)
  2. sources close to him say with his reduced duties he has been watching more movies — Top of his Netflix you’d enjoy list = “Sex, lies & Video Tape”
  3. the other guy who might be behind this is McCain, and he has never been on the internet
  4. Putin needs to get back at the, “American political candidate who initiated the Georgian war for their own gain.”

Thanks for the warning, luckily all my money is tied up in this can’t lose Nigerian investment 😉

Chris.

In the interest of full disclosure, you should know that I am, in fact, related to Chris – he’s my eldest son.