"Jigsaw is the world's most reliable crowd-sourced database of B2B business contacts."
This was extracted from a SalesForce email advert. The mind boggles.
Spammers quickly adopting social media
4 hours ago
|
I've been a sort of unwilling member of Classmates.com for a long, long time. I don't really remember why I signed up, but I did, getting the "free" version of the site. They spent many years trying to convince me to upgrade, using various methods and tricks which have been widely reported and complained about, though that hasn't appeared to make them change their minds. I especially loved the "your classmates are looking for you!" ones, since I hated just about everyone in high school and they hated me right back, so that they would be looking for me is unlikely in the extreme. (and the ones that didn't hate found me on....yup, Facebook). I've ignored the deluge of Classmates mail for years, marking it as spam when I remembered to.
Today something tripped my trigger and I decided I wanted off their mailing list. It's of zero value to me, so I looked at their email to see how to unsubscribe. I was pleased to find a removal link at the bottom of the page. Okay, great!
*clicky*.
UH OH! Looky here!
Log In
Already registered with Classmates? Log in below.Not registered? Click here.
What's wrong with this picture? A CAN-SPAM violation, you say? You'd be right. A glaring one, that puts them in direct violation of Federal law. You'd think a company that has had a class action suit for fraud filed against them (which they settled to the tune of 9.2 million dollars but... did not admit any wrongdoing) would be interested in not pissing off the Feds.
I note with interest that they have changed mailing methods since the last time I had a reason to look at them. They used to use Verizon Business but for whatever reason (I don't know the reason for sure, but I can speculate, and I am, I am!) are now doing their own mailings, using IPs leased from Level 3.
Since I don't know the password, I cannot unsubscribe, so I guess I will just continue to mark their mail as spam, and perhaps see if I can find my buddy at L3 and see if he can talk some sense to them.
Grmph. Some days I wish I could still whack spammers when I am grumpy.
|
[Edit: it appears that the site I reference has gone down under the load of people looking at it - I am in no way the only person linking to it and I think the poor guy got slashdotted. It is also referenced here at SANS, and a video here.]
When I can look at a new attack vector and think "oh, CRAP" and "wow, that's really clever!" it's cause for concern. Check out this thing I just found, called "tabnabbing". It changes your tab after a while, to look like the site they want to phish you for.
Say you have a few tabs open, and you click out of the site you're in...while you're not looking, it will turn into something else, something you often use, like Gmail. You'll look at the familiar page and think "Oh, well, Gmail logged me out. Annoying, but it happens," and you'll log in, giving the phisher what he wants. Try it - load the page that explains this exploit, click out of it to another tab, and watch the original tab. Within 5 seconds it will be "Gmail". Look at the URL in the address bar - it's not Gmail at all, but in every other respect it looks exactly like it. That page is benign, as it is an example, but it will clearly display how sneaky this is. This exploit relies on human visual memory and the fact we are creatures of habit. It will work like a charm.
Time to start paying attention to the URLs of pages you already opened. Please spread this around as widely as you can! This. Is. Not. Cool.
..except, in that "respect your enemy" sort of way, it really IS cool.
|
Ive been watching the iPad launch and first adoption with interest and some dismay. Some of my friends, who definitely qualify as Major Geeks, bought one and absolutely love it, while being aware of its limitations. Fair enough. I can see a parallel there with me loving my Saturn sedan, even though it is not a sports car; it does certain things very well, and I am happy with that. It's not the geeks that have me bothered anyway: they know what's going on and have made educated choices.
What bothers me about it all is the sort of sheep-like acceptance by the general population of the walled garden it represents. I never like to see people blindly accepting restrictions of personal freedom, though one could argue successfully that most people don't need more from their "Internet experience" than what an iPad can provide: an easy way to access Facebook, watch some YouTube, check mail, play some games. And the subtle beauty of it is that it doesn't need all the maintenance and patching that a Windows box does, nor does it need geek know-how to run like Linux does. It's simple, easy, safe, and relatively inexpensive. Perfect for approximately 80% of the users out there.
So I find myself in a bit of a personal quandary. I dislike the creeping resurgence of the walled garden - AOL was the training wheels for the internet and I had idealistically hoped that one day people would grow past the need. I was wrong. I watched this video and died a little inside.
As a geek and amateur security nerd, I have to appreciate the popularity of the iPad. It will, one can only hope, reduce the number of infected PCs and pissed-off users, and slow the dissolution of the Internet a little bit. As a person who is acutely aware of the concept of "use it or lose it" as it applies to personal freedom, I am deeply dismayed. Which is more important, in the end? Safety or freedom? I know which I'd choose for myself, but which is right for the mass of users out there? And at what ultimate cost?
As usual, I do not have the answers. I only have questions that keep me awake at night.
|
Madkins - May you love California as much as I do.
|
The second half of my Unica interview with Len Shneyder is now up. It was fun to do, and I hope that y'all enjoy it and maybe find something useful in it.
Thanks for the intervention with the weather gods, people! It's stopped raining, for which I'm certain my Bostonian friends are grateful. That chugging noise you hear is the sound of many sump pumps running at full capacity.
..that exploding noise you heard was my head, trying to get Excel and SQL stuffed into it. Anyone know if there's a better book than Excel for Dummies out there?
|
In lieu of actual spam-related and thoughtful content, this will have to do. It seems to me to be a spot-on diagram of what I hear my friends complaining about all the time. (I'm not a programmer but it happens to me also!)
In case Blogger doesn't do what I expect it to, the image was found here.
|