Tuesday, November 30, 2004

More phishing.

Posted by Phil Aaronson at 8:32 AM

More phishing. I went through my junk folder looking for a note from Viking (stoves). They still haven't responded to my question. That company needs to get its act together; when you sell high-end stoves your customers expect a certain level of service. Yet another company bent on shooting itself in the foot. On the plus side, it was fun taking the stove apart. It's been backfiring a little bit lately and I wanted to see what was going on. There's a little spout (I've been calling it a penis, but hey) off the burner that sends gas to the igniters and it's become corroded. I cleaned them, but in the process made the peni shorter. Really need to order two new burners.

Anyway, here was my favorite from my junk pile of the many, many phishing scams. It was for PayPal. The gist of the email was that PayPal had discovered some irregular behavior in my account. So please log in and verify that everything is ok. Here's the punchline:

... records click on the following link <a href="...202.136.18.237..." target=_self>https://www.paypal.com/cgi-bin/webscr?cmd=_login-run</A>Thank you for your prompt attention to this matter. Please understand that this is a security measure meant to help protect you and your account. We apologize for any inconvenience ...

Notice the link. The href="...202.136.18.237..." is where you'd wind up, and that's not PayPal.

Sunday, November 28, 2004

Deep Sea Phishing

Posted by Phil Aaronson at 5:17 PM

I just got this email tonight, and it's one of the more obvious phishing scams. I wanted to send it along, in case you haven't seen one before:

... Subject: Security Measures ! ...
We are performing system maintenance, wich may interfere with access to your Online Services. Due to these technical updates your online account has been deactivate. SunTrust recommend you to reactivate your online account. Go to Internet Banking 0000,0000,8080 by clicking this link, verify your identity as a customer of SunTrust and your online account access will be reactivate by our system...

If you clicked on the link in the message (Go to https://...) it doesn't take you to a suntrust.com site, it takes you to an unmarked IP address. They may or may not hide this on IE (there's a security hole in IE that lets you overwrite the URL in your browser). I'm not using IE. Just for fun I logged in as "screwthis" and banged on the keyboard for a password and it prompts me for my credit card and pin number. Obviously DO NOT submit a real credit card/pin number.

One of the very first programs I ever wrote in high school was along these lines. My 15 yo delinquent self wrote a program for the old PDP 11/70 that emulated the login process. It was in essence a phishing scam. I would launch it from a common game account on every terminal in the computer lab as we left class, prepping it for the next class. As people logged in, it would write their usernames and passwords to a hidden file in the games account, and the user would then be logged in and just think, oops, I must have logged into games. I kinda wonder what my 16 yo self growing up now would do with the internet as my playground. I remember quizzing Stephanie, then Steve on how to get the VT100 terminal to be in password mode, and not write out what you were typing.

High school computer science students come in two flavors. There are the games writers and then there are the security hackers. I was more of a security hacker. Chemists come in two flavors as well. There are the guys who want to make bombs, and there are the guys who want to make drugs. Young women in these fields are fortunately a little more mature.

Background Check

Posted by Phil Aaronson at 10:02 AM

Background checks take no time at all these days.

I'm starting a new job, and apparently they are pretty careful about who they hire (I've also got a pile of privacy related forms to go through and sign). One of the forms authorized a background check, also on it was a box to request a copy of the information they dug up on me, so I checked that. What the heck. In just a couple days, a company called HireRight verified that I graduated from University of Colorado in 1989 (5/12/89 in fact, who remembers), but they couldn't verify my start date at CU (through an automated system called NSCH?). They didn't verify my master's degree. They verified my last gig by phone but could not verify my salary.

They pulled my many addresses going all the way back to Northboro (my hometown). And then checked court records for Mountain View, and Northboro for felony or misdemeanor charges. Surprisingly they did not check Boulder, CO but then that's more of a judgment call, and harder to automate. I kept my MA driver's license while I was in Colorado so it didn't show up as a residence associated with my license. Kids, if you're experimenting with drugs in college, don't get a driver's license in that state (not that I did mind you)! And while they were at it they checked my driving record and did a credit report to make sure my nose is clean.

It all feels a little overly brotherish doesn't it?

Thursday, November 25, 2004

Just-do-it

Posted by Phil Aaronson at 6:25 AM

I thought this essay worked on a lot of levels:
http://paulgraham.com/usa.html

My favorite quote:
Oddly enough, it may not be a coincidence. Americans are good at some things and bad at others. We're good at making movies and software, and bad at making cars and cities. And I think we may be good at what we're good at for the same reason we're bad at what we're bad at. We're impatient. In America, if you want to do something, you don't worry that it might come out badly, or upset delicate social balances, or that people might think you're getting above yourself. If you want to do something, as Nike says, just do it.

(found via x180 who found it via DaringFireball)

Tuesday, November 02, 2004

Aunt Ruthie

Posted by Phil Aaronson at 9:39 AM

In a strange twist of fate, we happened upon the wake of a beloved Aunt Ruthie. My mother-in-law wanted to see the kids, so she told us to go out and let her put them to bed. We're not ones to look a gift horse in the mouth, so we jumped in the car and went to Szechwan Cafe. Whether or not my wife Amanda was pregnant was weighing heavily on our minds. It's still so early we can't tell yet.

It was a Monday night, and Szechwan Cafe was full. Turns out it was a dinner for the family and friends of an "Aunt Ruthie" who had obviously died recently. As we were ordering and then eating dinner people were standing up and telling Aunt Ruthie stories one after the other. Of a trip in 1950 to Europe, back when it was still recovering from the war. Of camping with Ruthie in Tuolumne Meadows (Yosemite). A cruise was taken. The making of a "fruit" punch (it had apple jack in it and changed color as the evening wore on) was recalled from back in college I think. A joke pulled years ago about fake tattoos was retold. Amanda and I were smiling at this point, if there was a way to go, this most definitely had to be it. Aunt Ruthie certainly drank deep of the cup of life.

I didn't think much of it then. But I had some wild dreams last night that I just can't remember and when I woke up, I leaned over to Amanda and said,

"If it's a girl, should we name it Ruth?"

Amanda wasn't really hot on the name, and I wouldn't have picked it as a favorite. But I still can't shake the feeling that the Universe was trying to tell us something last night. And it was good.