1st lwst agnst txt msg spmmrs

July 21st, 2004

According to this article on pc-radio.com, Verizon recently sued spammers it claims sent unsolicited cell phone based text messages to Verizon customers.

Most U.S. cellular carriers operate email gateways that forward Internet emails to subscribers’ phones using a technology known as short message service (SMS). Cell-phone spammers target those gateways with software that attempts to automatically generate valid email addresses. Because SMS limits messages to around 160 characters, cell phone spam is usually brief and invites recipients to visit a Web site or call a toll-free number for more information.

Verizon, which boasts 40 million wireless customers in the U.S., said it blocks around 50,000 text-message spams per day. The wireless firm installed a spam filtering system in late February at a cost of around $600,000, according to an affidavit filed in the lawsuit.

Under one of its pricing plans, Verizon Wireless charges users two cents per message for receiving text messages. Verizon said it would credit subscribers who have been charged for receiving spam text messages.

Microsoft IIS Security Checklist

July 21st, 2004

Interesting. As found on the Net security aggregator blog netsec a link to this nifty Microsoft IIS Security Checklist.

While I strongly prefer to work with Apache (better security and easier customization IMHO), this is a good reference for those of you who have to deal with IIS for your Web server needs.

spam for loans, spam for loans

July 20th, 2004

My email filters have been getting a workout these past few weeks with variations on the foreign based website acting as a local mortgage broker and asking for personal financial information scams. Here is an example of what one of these emails look like. The Web page for the mortgage broker is actually hosted on a Brazilian Webserver. The email posted below has been copied and pasted (with the exception of the removal of my mailserver information) as it appeared in my inbox.

Received: from [220.116.85.248] (helo=63.247.129.138)
by [my mailserver] with smtp (Exim 4.34)
id 1Blpd2-0000sc-VG
for [my email]; Sat, 17 Jul 2004 09:53:30 -0400
Received: from 236.136.244.224 by 220.116.85.248; Sat, 17 Jul 2004 17:50:01 +0300
Message-ID:
From: “Edwina Cobb”
Reply-To: “Edwina Cobb”

To: [my email]
Subject: We have approved your loan
Date: Sat, 17 Jul 2004 17:49:01 +0300
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary=”–1785671432408812″

—-1785671432408812
Content-Type: text/html;
Content-Transfer-Encoding: quoted-printable

Hi again.
I sent you an email a week ago and I want to confirm everything now. Pleas=
e read info below
and let me know if you have any questions. We are accepting your mo rtgage=
application. We specialize
in less-than-perfect cr edit, and our advisors are here to help you.
Approva1 =C2 process will take 15 seconds.

http://www.jakao.biz/green/index.php?affiliateid=3Dmailer00001″=
Just visit this link and fill in short form.

Thank you.c

Best regards,
Edwina Cobb

octant kowloon aback oldy steen cameraman deanna amtrak create thatch well=
es basidiomycetes puddingstone delectate chert apprehend yeoman hetty=20LW=
PZXTSXBI

—-1785671432408812–

————=_40F92F5B.2CF645C4–

Odd site log entry

July 14th, 2004

Recently, I started finding “username” entries in my Web stats program. At first I feared someone possibly cracked my box, but the mysterious users only visited for a short bit and they only apparently reached my Web server. The only two Web serving programs I have are Apache and WordPress. My Apache install is maintained by my wonderful webhost, while the WordPress install is maintained by me, and I hadn’t approved any other members as of yet. So, after the initial findings, I waited to see if the mysterious log entries would appear again, so I could track them. Here is an entry which recorded a username today.

68.116.223.103 //IP addy
- www.carvir //unknown fields, “www.carvir” recorded as username
[14/Jul/2004:07:31:22 -0400] //date, time
“GET / HTTP/1.0″ //HTTP request
200 23667 //HTTP code, bytes sent
“-” //Referer string
“Mozilla/3.0 (compatible)” //User Agent (this looks like a bot)

I’m not an HTTP expert, but I think after seeing this log entry, that second part where the “- www.carvir” appears is possibly where a username/password is passed along to the server.

Just for kicks here is a normal looking entry for comparison….

[IP addy]
- -
[14/Jul/2004:11:23:17 -0400]
“GET /archives/office-depothewlett-packard-summer-offer-to-recycle-consumer-electonics/ HTTP/1.1″
200 5052
“http://www.mikemcbrideonline.com/blogger.html”
“Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7) Gecko/20040707 Firefox/0.9.2″

Techie Errata

July 13th, 2004

An interesting etymology of the term Computer Bug.

Office Depot/Hewlett Packard summer offer to recycle consumer electonics

July 13th, 2004

From USA Today, by Michelle Kessler

Consumers can take old computers and other electronics to Office Depot (ODP) stores for free recycling this summer, the retailer and its partner Hewlett-Packard (HPQ) are expected to announce Tuesday.

H-P already offers PC recycling via mail. But it charges about $35 for shipping and processing…

The offer includes all brands, not just those made by H-P. From Sunday [July 18th] to Sept. 6, Office Depot will accept computers, monitors and most other peripherals, digital cameras, copiers, fax machines, cell phones, personal digital assistants (PDAs) and TVs 27 inches or smaller. Customers can recycle one product per day. A PC and its peripherals count as a single item.

Just remember, electronics recyclers usually demand a fee, so this Office Depot/HP deal is a good thing for those of you who have consumer electronics just taking up space in the basement or garage. Ironically enough, they are runing the program during the back to school rush, good marketing guys.

For those of you who are motivated enough to finally get rid of the old 486 sitting in the basement, take a minute to remove the hard drive from the case. It’s fast, simple and you won’t have to worry about others finding your old data. (Although we all know that true geeks tend to “collect” equipment and then claim that when they hit it rich, they’ll someday open a computing museum.)

Blog Advertising

July 12th, 2004

James at OTB has a summary of a Chicago Tribune article discussing the impact of blog advertising. The article is a good read about how blog advertising works and why it works so well for bloggers with healthy blog traffic.

In a similar vein, here’s this Courier-Journal (Louisville, KY) article about a lawyer who bought a Google AdWord on a competitor’s name.

A Dreary Summer Monday

July 12th, 2004

It is difficult for me to comprehend that we are already in the smack-dab middle of summer. So far I’ve been to the beach, celebrated 4th of July in Philly, purchased a purple kiddie pool and already replaced a lost-at-summer-camp bathing suit. However, as far as the bathing suit goes, I actually bought two replacements on sale since fall clothing is already on the store shelves.

Unfortunately, today is most dreary summer day. Raining since about 1am, today I’ve seen periodic moonson like downpours. It tires me just to hear the rain hitting the rooftop. Bleah.

I’m so cool…

July 2nd, 2004

I don’t need gmail to prove my nerdyness.

Hi Pablo

July 2nd, 2004

Due to the clever built-in anti-comment spam features of wordpress, your comment spam advertising your francophonic Web site which euphemistically offers a little bit of everything for everyone was immediately placed into comment moderation (and thusly deleted) because of one simple mistake you committed.

HTH. HAND. You have been IP banned. 66.98.152.93

The Cape Fear

July 2nd, 2004

As I was flying home on Tuesday, the plane was flying low and I was able to capture this image of the mouth of the Cape Fear river in North Carolina. The view had me reminiscing about the ocean and the beaches, especially of Carolina Beach and Kure Beach and Fort Fisher, of afternoons spent exploring Wilmington, NC and of living through Hurricane Fran in 1996.

sjdif.exe trojan

July 2nd, 2004

Host: 66.194.6.79
Url: /sjdif.exe
Http Code : 403
Date: Jul 02 00:03:35
Http Version: HTTP/1.1″
Size in Bytes: 1010
Referer: -
Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; Q312462)

This exploit appears to be new and affecting Windows machines running Internet Explorer. As of this writing, Google only returned a few hits for the sjdif.exe file. According to this Sophos information page, the sjdif.exe file is a downloading component of the Troj/Ovedil-B Trojan.

The interesting part is that a client browser was hitting my site, apparently searching for a copy of the sjdif.exe file and the Sophos information page makes no mention of the infection being *spread* by client machines. Perhaps this is a new, distributed version of the trojan?

Update: An NTBugtraq message with details about the trojan.