Time-traveling deceased former president and liberal agitator Abraham Lincoln comments on present-day affairs from a secure location (the 1970s)

Thursday, March 30, 2006

So, I understand you'd like some credit card numbers

Robert X. Cringley (or at least, the latest incarnation of Robert X. Cringley) had an amusing idea about how to deal with phishing schemes: give them the information they're looking for.

He didn't mean that you should turn over your credit card numbers, he meant that you should fill out the form with valid-looking, yet incorrect information - the idea being that phishers would have to sort through all of the data to find the real information. He reasoned that if everyone did this, phishing schemes would all but disappear. Imagine it - if they had to sort through 10,000 fake entries to find the 10 or 15 real ones, would it be worth the effort anymore? Probably not, unless someone was careless enough to put in their Amex Black number.

So, a few days ago I got an email imploring me to log in to my bank and update my information. Trouble was, it wasn't from my bank. I checked out the URL, and sure enough, it was a domain registered in the last couple of days - a fake site copied-and-pasted from the bank's site. I checked out the form, and it posted to a PHP page at the same domain - passing the username and password via the form post to what appeared to be an email script. It also passed an email address. Whoops.

I changed the email address target to one I use for junk mail, typed some gibberish in the other fields and clicked submit. Seconds later I had an email with the form fields. Heh.

It recently occurred to me that the Luhn formula, which is used to verify card numbers, can also be used to generate credit card numbers (not real ones, of course). If one were to, say, write a script that generated thousands of fake card numbers and then automatically posted them using XMLHTTP along with automatically generated fake PINs, then someone would have to do a lot of work to find the 'real' cards - the ones actually submitted by less tech-savvy people who fell for the scheme.

And if one were to hypothetically do this to a form that also automatically emailed the submissions to the phisher, then one would have the added benefit of knowing that the phisher received tens of thousands of emails, probably to the point where their free email account collapsed.

Hypothetically.
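The Luhn point above, as an added example in JavaScript (not code from the original post): the weighted sum that validates a number also yields the check digit for any digit string, so a passing checksum only rules out typos and says nothing about whether an account exists. The function names are assumptions of this example, and the sample numbers are constructed or standard test values.

```javascript
// Added example: the Luhn checksum used on payment card numbers.
// Every number here is a constructed or well-known test value, not a real account.

// Sum the Luhn-weighted digits of a digit string, scanning right to left.
// doubleRightmost says whether the rightmost digit of `digits` gets doubled.
function luhnSum(digits, doubleRightmost) {
  let sum = 0;
  let dbl = doubleRightmost;
  for (let i = digits.length - 1; i >= 0; i--) {
    let d = digits.charCodeAt(i) - 48;
    if (dbl) {
      d *= 2;
      if (d > 9) d -= 9; // same as adding the two digits of the product
    }
    sum += d;
    dbl = !dbl;
  }
  return sum;
}

// Strip spaces and dashes; return null if anything other than digits remains.
function normalize(input) {
  const s = String(input).replace(/[\s-]/g, "");
  return /^\d+$/.test(s) ? s : null;
}

// A full number is valid when the weighted sum, check digit included,
// is a multiple of 10. The check digit itself is never doubled.
function luhnValid(input) {
  const s = normalize(input);
  if (s === null || s.length < 2) return false;
  return luhnSum(s, false) % 10 === 0;
}

// Given the digits without the check digit, compute the digit that makes
// the full number pass. The payload's rightmost digit is doubled because
// it will sit one place left of the check digit.
function luhnCheckDigit(payload) {
  const s = normalize(payload);
  if (s === null) throw new Error("payload must contain only digits");
  return (10 - (luhnSum(s, true) % 10)) % 10;
}

console.log(luhnValid("4111 1111 1111 1111")); // standard test number
console.log(luhnValid("4111111111111112"));    // single-digit typo
console.log(luhnCheckDigit("7992739871"));     // textbook payload
```

Luhn catches any single mistyped digit but not every transposition (swapping an adjacent 0 and 9 still passes), which is why it works as input sanity checking and not as evidence that a card is genuine.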

Thursday, March 16, 2006

How now, mad cow?

The USDA is drawing up plans to turn over mad cow testing to... you guessed it - beef suppliers.

http://www.alertnet.org/thenews/newsdesk/N15281038.htm

Tuesday, March 14, 2006

Noah's Ark found, looks just like a mountain


Perhaps next we can use satellite imagery of the North Pole to find Santa's hideout.

http://www.boingboing.net/2006/03/14/satellite_image_of_n.html

The laziest phishing attempt ever

I get a lot of spam, mostly from an older email account that I naively misused in my youth (cough). A few times a week I'll get a phishing email on that account (usually for eBay fakers), and if I have a few extra minutes I'll track down the IP of the faux-eBay server and report the activity to the host.

Today I received a phishing attempt so lazy, incompetent and half-hearted that I felt compelled to share-

-----Original Message-----
From: Support [mailto:Support]
Sent: Tuesday, March 14, 2006 1:22 PM
To:
Subject: National City Member Alert

Dear National City member,

This is official notification of your login & password are the out of date.
To renew please clicking Reply in your mail client for to mail back following information of your accuont
Name:
Accont nomber:
Logan:
Passwrod:

Thank you,
National City support center.


I tried to email my Logan, Passwrod and Accont nomber to them, but unfortunately they forgot to include an actual email address in the "from" or "reply-to" fields.

Thursday, March 09, 2006

I like Katherine Harris

I find her classy. Once you look past her understated makeup, her demure persona - you'll see there's a lady with a razor-sharp mind who's ready to carve her way to the top.

And yet, Katie doesn't hide her assets. Some women in politics try to play down their femininity - concerned that a tight-fitting shirt might send the wrong message. But boys, not this lady. When she's on TV, she turns sideways. Sure, it's harder to have a conversation with the host this way - but it tells the people at home everything they need to know: "I have boobies."

It seems, however, that Katherine Harris is now in a bit of a pickle. I find this surprising. In the past I've been impressed by her record - standing up to Big Science, for example. Now, apparently it's illegal to take $32,000 in bribes from an arms dealer in exchange for promising government contracts. I didn't know this. I don't think Katie knew this. When you get down to it, it's the nebulous morass of campaign finance laws that are to blame. I say we hold these laws accountable. Yes, that's it exactly.

Wednesday, March 08, 2006

Which are better - pancakes or waffles?

I ask myself this question every morning, usually around noon when I awake. Clearly, waffles hold more syrup - and when you have a gallon of two-year-old Vermont maple syrup slowly congealing on the bottom shelf of your refrigerator, that's a serious consideration.

Yet pancakes are fluffy and delicious, at least if you do them up right. For those who may be shopping in the organic/health food aisle, allow me the opportunity to save you four dollars. While whole wheat pancake mix may appeal to your earth-conscious aesthetic, it tastes like sand, or maybe gluten-free muffins. Sand, or gluten-free muffins drenched in two-year-old Vermont maple syrup.

The other question that I ask every morning is, "who bad?" to which the answer is always, "I bad, I bad."