Author: Maëlys McArdle

  • Spam Battle. Partie Deux.

    The spam all links to the domain of:
    http://t-e-x-a-s-poker.com

    The site itself contains nothing at the outset – just meaningless text. So who is texaspoker? Well, that’s the fun bit. The WHOIS record points to the registrar gandi.net, and Gandi.net has this to say on the domain:

    domain: T-E-X-A-S-POKER.COM
    owner-address: Djibuty Convega
    owner-address: company
    owner-address: 2003
    owner-address: St John’s, English Harbour
    owner-address: Antigua and Barbuda
    owner-phone: +188.4306129
    owner-fax: +188.4306129
    owner-e-mail: brooksjohnson2004@yahoo.com
    admin-c: DC1330-GANDI
    tech-c: AR41-GANDI
    bill-c: DC1330-GANDI
    nserver: ns7.gandi.net 217.70.177.44
    nserver: custom2.gandi.net 217.70.179.35
    reg_created: 2005-07-07 10:44:32
    expires: 2006-07-07 10:44:32
    created: 2005-07-07 16:44:33
    changed: 2005-08-12 09:39:33

    person: Djibuty Convega
    nic-hdl: DC1330-GANDI
    address: company
    address: 2003
    address: St John’s, English Harbour
    address: Antigua and Barbuda
    phone: +188.4306129
    fax: +188.4306129
    e-mail: beth.ruble@gmail.com
    lastupdated: 2005-07-07 16:46:33

    person: GANDI Auto Register 4.1
    nic-hdl: AR41-GANDI
    address: GANDI
    address: 38 rue Notre-Dame de Nazareth
    address: F-75003
    address: Paris
    address: France
    phone: N/A
    e-mail: support@gandi.net
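    The Gandi output above is a flat "key: value" record with blank lines separating the domain object from its contact objects, and with repeated keys (owner-address, address, nserver) that have to be collected into lists. The following is an added example, not code from the post: a small parser for that layout plus the two checks worth running on such a record when tracing spam, namely how old the registration is and whether the owner and admin contact e-mails disagree (as they do in the record above). The sample record is constructed with placeholder values in the same layout; the `as_of` date, the handle names and the `example.invalid` addresses are assumptions.

```python
from datetime import datetime

# Constructed sample in the same "key: value" layout as the Gandi record above.
# Values are placeholders, not the record from the post.
SAMPLE_WHOIS = """\
domain: EXAMPLE-DOMAIN.COM
owner-address: Example Registrant
owner-address: 1 Placeholder Street
owner-address: Nowhere
owner-e-mail: registrant@example.invalid
admin-c: XX0000-REGISTRAR
tech-c: AR41-REGISTRAR
nserver: ns1.example.invalid 192.0.2.10
nserver: ns2.example.invalid 192.0.2.11
reg_created: 2005-07-07 10:44:32
expires: 2006-07-07 10:44:32
changed: 2005-08-12 09:39:33

person: Example Registrant
nic-hdl: XX0000-REGISTRAR
address: 1 Placeholder Street
address: Nowhere
e-mail: contact@example.invalid

person: Auto Register
nic-hdl: AR41-REGISTRAR
address: Registrar HQ
e-mail: support@example.invalid
"""


def parse_whois(text):
    """Split the record into blank-line separated objects; repeated keys
    become lists so owner-address / address / nserver lines are all kept."""
    objects, current = [], {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            if current:
                objects.append(current)
                current = {}
            continue
        if ":" not in line:
            continue  # tolerate stray lines that are not key: value
        key, value = line.split(":", 1)
        current.setdefault(key.strip(), []).append(value.strip())
    if current:
        objects.append(current)
    return objects


def _ts(value):
    return datetime.strptime(value, "%Y-%m-%d %H:%M:%S")


def resolve_contacts(objects):
    """Map the domain's admin-c / tech-c handles to the person objects
    whose nic-hdl matches."""
    domain = objects[0]
    by_handle = {o["nic-hdl"][0]: o for o in objects[1:] if "nic-hdl" in o}
    return {role: by_handle.get(domain[role][0])
            for role in ("admin-c", "tech-c") if role in domain}


def summarize(text, as_of):
    """as_of is an ISO date (YYYY-MM-DD), e.g. the day the spam arrived."""
    objects = parse_whois(text)
    domain = objects[0]
    created = _ts(domain["reg_created"][0])
    expires = _ts(domain["expires"][0])
    admin = resolve_contacts(objects).get("admin-c")
    admin_email = admin["e-mail"][0] if admin else None
    return {
        "domain": domain["domain"][0].lower(),
        # a registration only weeks old is a common throwaway-domain signal
        "age_days": (datetime.fromisoformat(as_of) - created).days,
        # one-year minimum terms are typical of disposable registrations
        "term_days": (expires - created).days,
        "nameservers": [ns.split()[0] for ns in domain["nserver"]],
        "admin_email": admin_email,
        # owner and admin contact e-mails that disagree are worth noting
        "owner_email_differs": domain["owner-e-mail"][0] != admin_email,
    }


if __name__ == "__main__":
    print(summarize(SAMPLE_WHOIS, "2005-08-20"))
```

    Run against a real record, the three fields to look at first are `age_days`, `term_days` and `owner_email_differs`; none of them proves anything on its own, but together they are the profile of the record quoted above.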

    But will gandi.net do anything about this spammer? Well, not even worth a try, according to its policy:

    by doing a whois on any domain name found in the email, you see that the domain name is handled by Gandi: Gandi is an ICANN accredited Registrar, and as such registers domain names on behalf of its customer. Gandi provides no webhosting nor email accounts to its customer, only the registration of the domain name. The use of the domain name is only up to the person owning it, and/or its contacts (see whois to find the owner and the contacts of the domain name). We can not deactivate and even less delete a domain name just because it is used in a spam: we can not and do not want to act as a judge.

    There are many other gems on the registrar’s site, such as a tidbit which says that if you get spam from them, it’s a demonstration that their mail relays work, and that’s a good thing. Right.

  • Piracy film? Wha?

    What’s been going on with the piracy film?

    Well, the project itself began in May; after EYNTO was completed. Off the bat, I created a logo and the idea lingered for a while. Then I spent my free time at work creating rough outlines; some of which then permeated to this blog here.

    At one point, I went to the university library and collected every piece of information on filesharing, the RIAA, and statistics I could. Gathered 200 odd pages on the issue; if not more. For the most part that information was useless; sparked with a few gems here and there. Read through all briefly; some more meticulously.

    On a second batch of information gathering, I went to news sites. Slashdot and the Inquirer in particular; as they cater to the non-spoonfed media information I was seeking. Google News was also a great asset. I had an outline, and all the information to back it.

    I also got in contact with a few people I had wanted to interview for the film. I wanted them to espouse their views on the issue as well.

    Now the biggest hurdle wasn’t what I was going to say – it was how it was going to be said. This is a delicate subject! And yet there’s so much I want to cover. The approach is key to whether this is an interesting documentary, or a narrowly focused piece of $%@#.

    Script-wise, I’ve done the first few pages over and over and over, writing on paper, trying to find the right approach. It’s all crap, apart from the introduction. So I moved on to the laptop today, and decided to just bang on it after trying a new approach I came up with at 4AM a few nights ago.

    And this is where I’m at right now. 3 pages into the new script. I’m covering the RIAA right now, and have no clue how I’m going to tie in the MPAA, the BSA, the pirate underground, whilst still covering the topics of collateral and so forth. For the sake of streamlining, I’ve jettisoned a lot of what I was originally going to discuss.

    Expect no more updates. The rest is going to be under wraps until the script is done and I’m ready to film. Will it be done for October 2005, the original release date? Hard to say.

  • Popular Antispam Technique Declared Poor!

    Okay, let’s review how a lot of spam harvesting gets done. Spam spiders crawl through the net, looking for a combination of “something@something.something”. Whether they crawl newsgroups, blogs, eBay, etc. – it all relies on the same principle of searching for the “*@*.*” string [* being wildcards].

    So who is the genius who thought that writing “person [at] ISP [dot] com” would be an effective antispam technique? Now that nearly everyone uses it, spambots simply have to add a new search pattern: “* [at] * [dot] *”. Suddenly, all these people who believed they were protected from penis-enhancing pill dealers and Nigerian scammers find themselves vulnerable again.

    Just google the following for an example of what I mean:
    http://www.google.com/searc…le+Search

    I guess I’m being a little too hard. After all, if this idea hadn’t spread, it would have still been an efficient antispam technique. But I’m not so forgiving of the people who adopt this technique today, after everyone and their dog is using it.

    This is not a good way to protect your inbox.

    What do I suggest? Use variants of this overused original, or use different techniques altogether: obfuscate the text with JavaScript; replace ASCII characters with equivalent Unicode characters; insert a 0px-wide GIF in the middle of the text; make the email address an image with the text written on it [or even part of it]; use invisible characters in the middle of the address; etc…
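    The two search patterns the post describes (the plain “*@*.*” form and the “* [at] * [dot] *” form) can be written down and run against your own page text as a self-check, which is the quickest way to see why the “[at]” spelling buys nothing. The block below is an added example, not code from the post: it implements those two patterns as regular expressions, builds two of the alternatives suggested above (Unicode look-alike characters and invisible characters inside the address), and reports which forms of a constructed address are still recovered. The address `someone@example.invalid` and the four page snippets are constructed; the choice of fullwidth and zero-width code points is an assumption about how one would implement the suggestions.

```python
import re

# Pattern 1: the plain "something@something.something" form.
PLAIN = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")
# Pattern 2: the "[at]" / "[dot]" spelling the post says spambots simply added.
SPELLED = re.compile(
    r"[\w.+-]+\s*\[\s*at\s*\]\s*[\w-]+(?:\s*\[\s*dot\s*\]\s*[\w-]+)+",
    re.IGNORECASE,
)


def harvestable(text):
    """Return every address either pattern recovers from the given page text."""
    found = [m.group(0) for m in PLAIN.finditer(text)]
    found += [m.group(0) for m in SPELLED.finditer(text)]
    return found


def obfuscate_unicode(addr):
    """Swap the ASCII '@' and '.' for visually similar fullwidth code points
    (U+FF20 and U+FF0E); humans read it, neither pattern above matches it."""
    return addr.replace("@", "\uff20").replace(".", "\uff0e")


def obfuscate_invisible(addr):
    """Insert a zero-width space (U+200B) between every character, so the
    literal '@' is never adjacent to a word character."""
    return "\u200b".join(addr)


# Constructed address and page snippets, one per form under discussion.
ADDRESS = "someone@example.invalid"
FORMS = {
    "plain": "Contact: " + ADDRESS,
    "spelled": "Contact: someone [at] example [dot] invalid",
    "unicode": "Contact: " + obfuscate_unicode(ADDRESS),
    "invisible": "Contact: " + obfuscate_invisible(ADDRESS),
}


def audit(forms):
    """For each form, True if the two patterns recover an address from it."""
    return {name: bool(harvestable(text)) for name, text in forms.items()}


if __name__ == "__main__":
    for name, recovered in audit(FORMS).items():
        print(f"{name:10s} harvested: {recovered}")
```

    Two caveats on what this check does and does not show. It only tells you whether the two patterns named in the post match; a crawler that normalizes text first would not be stopped by either substitution, so these tricks raise the bar rather than remove it. And the substitutions only help if the page never also carries the plain address elsewhere, for example in a `mailto:` link, which is why the post’s JavaScript suggestion (assembling the address in the browser) pairs naturally with them.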

  • Under Spam Assault.

    This morning, I awoke to find that a spammer had sent no less than 10 spam comments to my blog. These came from 2 attacking IP addresses. Interestingly enough, a lot of the attacker IPs have HTTP websites and FTP servers running.

    The attacker IPs:
    68.83.28.204 – pcp01453785pcs.blurdg01.pa.comcast.net
    66.219.161.190 – jcarrell-ws-13.direct.neobright.net

    The websites those resolve to:
    http://downpour.mine.nu/
    http://burrotech.net/ [Doesn’t resolve directly]

    Are these people aware of what they’re doing? Hard to tell. The sites these IPs resolve to look pretty innocuous, hardly the work of some evil spammer. Both attack systems run different distros of Linux (one is CentOS, the other is Mandrake Linux), and both run Apache. Maybe this attack is being launched from a common infected PHP page. Or maybe both systems got compromised due to poor knowledge of Linux security management. This second option is plausible, as both IPs appear to be those of home servers, not professional solutions.

    Suggestions? I’m going to try to email these blokes ASAP.

    Update: I’ve successfully contacted the second bloke. He apologised, and said he would fix the problem. I have been unsuccessful with the first person however – I can’t find his email anywhere. However, I did leave some comments at his blog, which should automatically send an email to his account.

    Update: The second bloke has stopped, but I’m now at the 20th comment submitted by the %#@$#@ first person. It just won’t stop. I’ve been forced to blacklist a particular word that is common throughout all his posts. Anyone posting that word in a comment automatically has their comment deleted; that said, I’m pretty sure normal comments will never use this word, even when referring to spam. Contact me if you wish to know what it is.
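    The two defences this entry ends up with, a blacklisted word that auto-deletes a comment and the observation that the flood comes from a couple of source IPs, can be combined into one small comment filter. The following is an added example, not the blog’s actual filter: it rejects any comment containing a blacklisted word and, independently, rejects a source IP that has already submitted more than a set number of comments inside a sliding window, so a single persistent poster is throttled even when his text changes. The submissions, the IPs, the placeholder word `BLOCKME` (standing in for the word the post keeps private) and the limits are all constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed submissions, not the blog's real logs: (ISO timestamp, source IP, text).
SUBMISSIONS = [
    ("2005-09-01T06:00:00", "192.0.2.10", "Nice write-up on the whois lookup."),
    ("2005-09-01T06:01:00", "198.51.100.7", "cheap pills here http://example.invalid/BLOCKME"),
    ("2005-09-01T06:01:30", "198.51.100.7", "more cheap pills BLOCKME"),
    ("2005-09-01T06:02:00", "198.51.100.7", "yet another one"),
    ("2005-09-01T06:02:10", "198.51.100.7", "and another"),
    ("2005-09-01T06:02:20", "198.51.100.7", "still going"),
    ("2005-09-01T09:00:00", "192.0.2.11", "I got spam comments too, what did you blacklist?"),
]

BLACKLIST = {"blockme"}          # placeholder for the word the post keeps private
MAX_PER_WINDOW = 3               # submissions allowed per IP inside the window
WINDOW = timedelta(minutes=10)


def filter_comments(submissions, blacklist=BLACKLIST,
                    max_per_window=MAX_PER_WINDOW, window=WINDOW):
    """Return (ip, verdict, reason) per submission, in order.

    A comment is rejected if it contains a blacklisted word, or if its source
    IP has already submitted max_per_window comments (accepted or not) within
    the sliding window.  Word matching is whole-word and case-insensitive, so
    a comment that merely talks about a 'blacklist' is unaffected."""
    recent = defaultdict(list)   # ip -> timestamps seen inside the window
    decisions = []
    for ts_text, ip, text in submissions:
        ts = datetime.fromisoformat(ts_text)
        recent[ip] = [t for t in recent[ip] if ts - t < window]
        words = set(re.findall(r"[a-z0-9]+", text.lower()))
        if words & blacklist:
            decisions.append((ip, "reject", "blacklisted word"))
        elif len(recent[ip]) >= max_per_window:
            decisions.append((ip, "reject", "rate limit"))
        else:
            decisions.append((ip, "accept", ""))
        recent[ip].append(ts)    # every attempt counts toward the limit
    return decisions


if __name__ == "__main__":
    for (ip, verdict, reason), (_, _, text) in zip(filter_comments(SUBMISSIONS), SUBMISSIONS):
        print(f"{ip:14s} {verdict:7s} {reason:17s} {text[:40]}")
```

    With these numbers the blacklist catches the first two spam comments, the third slips through because the word changed, and the rate limit takes over from the fourth attempt on; tightening `MAX_PER_WINDOW` trades that gap against legitimate commenters who post in quick succession.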

  • Audacious Phishing Scheme.

    Got the following in my mail today (yes, as one big image as well):

    It seems like someone was able to create subdirectories on an open-source software site, to be used as a phishing haven. Upon clicking the link in the above picture (via an imagemap), a person is brought onto a clone of the Paypal site. I “logged in” with a non-existing email and password. I was then asked to fill in everything from my credit card info, to my banking information, address, and even my SIN number.

    This is the second such Paypal-based phishing email I’ve received in as many months. Both were reported to Paypal.

    Update: Paypal [the real one] wrote me back to inform that indeed what I received was a fraud, and blah blah blah…