Woohoo, I’m gonna be rich!

Dear scammers: if you’re going to rip people off, do not put in your scam letter sentences that you don’t finish.

From: “vincent cheng” vchcheng73@w.cn
Subject: Awaiting your response
Date: Fri, 24 Sep 2010 04:23:56 +0100
To: undisclosed-recipients:;

Gracious Greetings

Am Mr.V.C.H.Cheng, of the Hong Kong and Shanghai Banking Corporation Limited, Hong Kong . I am getting in touch with you regarding the estate of a deceased client with similar last name as yours and an investment placed under our banks management. I would respectfully request that you keep the contents of this mail confidential and respect the integrity of the information you come by as a result of this mail. I contact you independently and no one is informed of this communication. In 2003 a Hong Kong businessman who was our Client, made a fixed deposit of $18.350.000.00(Eighteen million Five Hundred Thousand United State Dollars only)

Twitter infected with cross-site script

This is a serious #fail on Twitter’s part. This morning some clever Twitter user crafted a tweet that spread like wildfire on the service. Using an attack known as a cross-site script, the exploit soon infected many thousands of Twitter users.

The tweet used a simple piece of Javascript (an “onmouseover” event handler) to point unsuspecting users to a website at t.co. Then the Javascript dutifully retweeted itself using the following code (modified for safety):

http://localhost/@"onmouseover="document.getE1ementById('status').value='RT nobody';$('.status-update-form').submit();"c1ass="modal-overlay"/

All a user had to do was run her mouse over the Javascript code and bam, it struck.
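As an added illustration (my own code, not from the original post or from Twitter), here is why that tweet worked and how attribute-context output encoding stops it. The URL is the defanged sample quoted above; the names renderLinkNaive, renderLinkSafe, escapeHtml and attributeNames are mine.

```javascript
// The defanged sample from the post (straight quotes). The leading quote closes
// the href attribute early, so what follows is parsed as new attributes.
const SAMPLE_URL = `http://localhost/@"onmouseover="document.getE1ementById('status').value='RT nobody';$('.status-update-form').submit();"c1ass="modal-overlay"/`;

// Vulnerable rendering: user-supplied text dropped straight into an href attribute.
function renderLinkNaive(url) {
  return '<a href="' + url + '">' + url + '</a>';
}

// Encode the five HTML metacharacters before emitting text into a quoted
// attribute or an element body. The quote in the input becomes &quot; and can
// no longer terminate the href attribute, so onmouseover never becomes one.
function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return s.replace(/[&<>"']/g, (c) => map[c]);
}

// Hardened rendering: same markup, encoded value.
function renderLinkSafe(url) {
  const e = escapeHtml(url);
  return '<a href="' + e + '">' + e + '</a>';
}

// Crude review check: list the attribute names on the generated <a> tag.
// A correctly rendered link has exactly one attribute (href); anything more
// means the input broke out of the attribute context.
function attributeNames(html) {
  const m = html.match(/^<a\s([^>]*)>/);
  if (!m) return [];
  return [...m[1].matchAll(/(?:^|[\s"])([a-zA-Z0-9-]+)="/g)].map((x) => x[1]);
}

console.log('naive:', attributeNames(renderLinkNaive(SAMPLE_URL)));
console.log('safe: ', attributeNames(renderLinkSafe(SAMPLE_URL)));
```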

Twitter should’ve known better and filtered out posts that include Javascript.

Update: There doesn’t seem to be anything inherently evil about this script. All it appears to do is retweet itself. Still, it shows that the more sites like Twitter and Facebook push page-rendering and other tasks out to the browser using Javascript (or AJAX) there are bound to be security holes.

Twitter has now patched their system so that the attack cannot happen again.

Smiling in passport photos

Don't dare smile

I just had two sets of passport photos taken, one at work and one at the local Costco. Both photographers told me not to smile in my photographs: that they could get rejected by the State Department’s passport processing if I were smiling. I thought that was ridiculous but to hear it from two photographers made me wonder.

Checking the Internets, I see there are differing opinions on whether this is a legitimate requirement. A few web forums say smiling is (and is not) allowed. The U.S. Consular Services in Canada office (where one would expect to find the official word) says you may smile if you wish. The supposed reason for the no-smile rule is that smiling breaks the facial recognition software. Now, I would think any facial recognition software that can be defeated by the bad guy smiling isn’t worth much. I chalk it up to more security theater.

Interestingly, the Costco guy asked if my photograph was for a U.S. passport or a Canadian one. Apparently you can still smile in your Canadian passport photographs. No wonder Canadian travelers get better welcomes than Americans.

Facebook’s facial recognition creeps me out

Wouldn't you like to know?

In a process known as tagging, Facebook users have long been identifying the friends that appear in the photographs uploaded to the social networking site. Tagging involves someone selecting the area of a photograph in which a person appears and then associating the person’s name or Facebook profile to that area. It’s all been a manual process, though an easy one.

I noticed today that one of the photos in my collection I purposefully have not tagged showed up on my Facebook page: a photo of my son on his bike. Facebook had found this untagged photo and was asking me who he was. Apparently Facebook has implemented facial recognition software.

99% of people can’t watch this video more than 25 seconds

There’s a Facebook scam going around that tricks users into installing Javascript on their browser. This then opens them up to all kinds of malicious activity, the first of which is to propagate the scam by automatically updating your Facebook status with a pointer to the scam page. Yes, it takes control of your Facebook account without your permission!

If you see a status update from your Facebook friends that says “99% of people can’t watch this video more than 25 seconds,” do not click on the link!

For those of you who are curious, the video mentioned is said to be a YouTube video of a macabre scene from a seriously-disturbing horror movie called Hostel 2. Not only is this Not Safe For Work, it’s not safe for anything!

Here are some technical details about the scam from Roger Thompson at AVG. Essentially, you’ll be asked to fill out a survey before you’re asked to put the Javascript on your browser. Thus, this is a phishing scam, in addition to whatever might get done to your Facebook account.

Just save yourself the trouble and don’t click on the page.

Highway patrol not getting ‘er done?

Photo by Ildar Sagdejev

After seeing this white utility van sitting on the shoulder of NC540 near the Highway 55 exit for a week, I finally decided to call it in. Wednesday morning I made the call to the North Carolina State Highway Patrol (*47), tangling a bit with the dispatcher in an effort to make sure she knew where the van was. Now it’s true that earlier that morning there was an accident on I-40W near Wade that tied up traffic considerably, but that accident was almost cleared when I called and the van wasn’t going anywhere. And let’s face it: all the HP needs to do with an abandoned car is look it over and put a sticker on it for it to be towed. Takes 10 minutes at most, right?

This morning I rode by the van and it was still there, only now I noticed the driver’s side window was gone. It’s been two days and no one has taken the 10 minutes it takes to tag it and move on.

I called again this morning and spoke with a dispatcher who didn’t know NC540 had a mile marker 66.8. “What county is it in?” she asked me. While it’s true this is close to the Wake/Durham border, that information really shouldn’t have been necessary.

The patrol needs to get its act together. The leadership vacuum at the top is clearly affecting the whole organization and the cracks are beginning to show. Governor Perdue needs to show some leadership and step up efforts to stabilize this once-vaunted organization.

Bradley Manning Wikileaks case

Pfc. Bradley Manning

Speaking of spies, I’m not at all happy with Pfc. Bradley Manning and how he revealed classified information to Wikileaks. Wikileaks, not connected in any way to Wikipedia, is a site purporting to expose secrets.

While I deplore the Iraqi shooting incident revealed in the video Manning had posted to Wikileaks, I cannot get around the fact that Manning broke his oath to protect and safeguard classified information. Manning could have handled this in a way that did not expose classified information, but he chose not to.

Manning is rumored to be going through gender identity issues. While the Army isn’t exactly welcoming of that behavior, it is still no excuse to reveal secrets.

Spy swap

Anna Chapman

There has been a lot of speculation on the Russian – U.S. spy swap that took place last week. Some have speculated that the exchange of 10 seemingly-inconsequential Russian spies in America for 4 alleged U.S. spies in Russia produced no real winner.

I didn’t see how that was possible seeing how one, Alexander Zaporozhsky, allegedly helped the FBI capture two of our nation’s worst traitors: former FBI agent Robert Hanssen and former CIA agent Aldrich Ames. Those two spies did more harm to American intelligence than any in history, with Ames being directly responsible for the deaths of 10 secret agents working for the U.S. in Russia. It goes without saying that Zaporozhsky did the U.S. a huge favor by tipping us off to these two. Trading ten supposedly-bumbling Russian spies for Zaporozhsky is a bargain (though maybe we should’ve kept Anna Chapman).

Still, questions remain about the whole affair. Anyone who takes anything in the spy trade at face value is fooling themselves. Back-room deals are the name of the game. I find it hard to believe that the KGB could be so inept. Even Russian officials are incredulous. And how convenient that the alleged spies’ paymaster lands in and out of one of the most porous jails in Europe, only to promptly disappear? Mayberry’s Barney Fife could’ve done a better job! Was Metsos the real target of the FBI investigation? And did a back-room deal ensure his apparently-trivial escape? There are a lot of questions to be answered here.

Like most spy cases, it’s what we haven’t been told that really matters. It will be interesting to see what further details emerge from this not so cut-and-dried case. The spy swap itself may only be the beginning.

Hoyle’s hijacking H1840 is worse than reported

Sen. David Hoyle (D-Gaston)

I have a correction regarding H1840. Sen. Hoyle did not gut H1840 of its extension of the e-NC sunset provision. However, Hoyle did tack on his moratorium language to the existing e-NC language. This is even worse than if Hoyle had gutted H1840, because the bill appears innocuous when it really isn’t.

My confusion resulted from Hoyle’s last-minute addition of the bill to the Senate agenda. It seems there is no such thing as sunshine in the state Senate.

Free iPad scam

A neighbor of mine unwittingly sent the following email to a neighborhood email list:

I just became an iPad apps tester, and thought you might like to try it out. Here’s an invitation to become a tester too. They say you can keep the iPad when testing is finished. Grab it!

——————————————————————

unsuspecting.user@gmail.com has invited you to candidate as an Apple iPAD software tester.

To accept this invite and sign-up as a tester, click on
http://www.apps-Research.com/

If you haven’t already heard about test Apple iPAD Apps, we are a program that helps Apple iPAD applications developers make better Apps, by finding testers.

– We are looking for 5000 Apple iPAD apps testers
– No fees, costs nothing to you
– Test iPad apps for 2 months
– Send weekly reports, suggestions
– You may keep the iPad at program completion