The Linux Launderette


(?)Staffing Manager--Hampton, VA
(?)Re: [LG 93] help wanted #1
(?)Department of Homeland Security funding Open Source projects
(?)[OT]Intelligence test for fluent-in-English crowd (not me, apparently)
(?)The usual brilliant Redmond strategy: checkmate in two moves
(?)Like, it's so totally Val
(?)Re: [LG 122] 2c Tips #4
(?)Cartoon about blogging
(?)I caught an amusing phish from the eBay...

(?) Staffing Manager--Hampton, VA

Fri, 03 Feb 2006

From Susan Brown

(!) [Jimmy] I just find this incredibly amusing... but, I am easily amused :)


If you are a superstar and have exceptional customer service skills, come join our professional team!

$SPAMMERIFFIC Corporate Resources is currently seeking a top-notch staffing manager to work with our light industrial team. This is a staff position located within $SPAMMERIFFIC.

$SPAMMERIFFIC Corporate Resources is a regional market leader in the delivery of diversified, high quality employment services. We offer a complete range of employment opportunities: temporary, temporary-to-hire, direct-hire and contract. $SPAMMERIFFIC specializes in placements for administrative and clerical positions, accounting and finance, legal/medical, mortgage/insurance, professional/technical, light industrial, and engineering. $SPAMMERIFFIC brings top-flight companies and outstanding professionals together. We care about character and quality, and our passion is to match the world's most innovative people with the world's most innovative companies. And we strive to do it better than anyone else!

Position requires; strong organizational skills; ability to work as part of a team; strong communication and time management skills; a drive to succeed; ability to multi-task, good follow through, and professional demeanor. This position offers a competitive pay structure including commission and benefits! E-mail resume and salary requirements to head_spammer@spammeriffic.com.



The information transmitted is intended only for the person or entity
to which it is addressed and may contain confidential and/or privileged
material. Any review, retransmission, dissemination or other use of,
or taking of any action in reliance upon, this information by persons
or entities other than the intended recipient is prohibited. If you
received this in error, please contact the sender and delete the
material from any computer.

(!) [Jimmy] I love these... I think I'll collect the whole set :)

(?) Re: [LG 93] help wanted #1

Sat, 04 Feb 2006

From Jerry Matheny

(!) [Jimmy] Ah. I guess Ben changed the old list addresses in the back issues...

Are you the "Big D from LV"?

(?) Department of Homeland Security funding Open Source projects

Wed, 15 Feb 2006

From Benjamin A. Okopnik

From Bruce Schneier's "Cryptogram":

The Department of Homeland Security is funding the security of open-source products, including Linux, Apache, MySQL, FreeBSD, Mozilla, and Sendmail. I think this is a great use of public funds. One of the limitations of open-source development is that it's hard to fund tools like Coverity. And this kind of thing improves security for a lot of different organizations against a wide variety of threats. And it increases competition with Microsoft, which will force it to improve its OS as well. Everybody wins. http://www.eweek.com/article2/0,1895,1909946,00.asp

(!) [Jimmy] This spawned a long thread...

See attached dhs.html

(!) [Jimmy] There was also a lengthy thread about the use of flash in LG

See attached flash.html

(?) [OT]Intelligence test for fluent-in-English crowd (not me, apparently)

Mon, 06 Feb 2006

From Predrag Ivanovic

Check this out:

I would love to see your answers (I got 8/33 :-( ). This is hard.

(!) [Jimmy] I was talking about this sort of thing with a girl I know the other day. To really know a language, you have to know the popular culture in that language, the kinds of things kids learn, etc. To her credit, she has been reading some English-language fairy tales -- I can think of quite a few movies and books that would make absolutely no sense if you had never heard "Little Red Riding Hood", for example.
At least it says "if you excuse the cultural bias".
(!) [Brian] But perhaps not biased enough. I didn't see "50 W to L Y L", nor did I see "1 is the L N". Even though I went to a school where rugby was played (although my mission was to drink the beer), I missed that one (and several others)
There certainly should have been "2 W on a P", in our context.
(!) [Jimmy] I'll bet you didn't get 3 B M (S H T R): 3 blind mice (see how they run). "39 B of the O T" nearly eluded me, as I was raised to consider there to be 45, not 39 :)
(!) [Breen] Cultural bias indeed. I don't think many on this side of the pond would have got 6 B to an O in C. (I did but I'm eccentric...)
(!) [Frodo] LOL - I guess you are in a minority indeed with that answer, in North America. :)
The one that took me longest was "9 P in S A" - I was never taught that fact in school. :)
(!) [Breen] I noticed the O T ambiguity, too.
(!) [Frodo] The only reason I got that one, was cause it said "66 B of the B".
(!) [Jimmy] Erm... still the same thing, because C have the 6 B of the A. :)
(!) [Jimmy] Oh... 25/33 :)
(!) [Breen] 30/33 here.
(!) [Frodo] Almost ashamed... 33/33
My love for trivia quizzes and such helped, I guess.
(!) [Breen] Quizzes like this have been around for quite a while - I first saw one about 25 years ago in Games Magazine - it even had some of the same questions.
(!) [Sluggo] But what does this have to do with intelligence? It's just recognizing pop phrases.
(!) [Jimmy] Not really. Many of the items were facts that most people should be able to recognise: 90 D in a R A, 24 H in a D, etc. Some were extremely culturally biased: I only figured out "6 B to an O in C" after Breen mentioned being on the wrong side of the pond for it :)
(!) [Kat] The process of "solving the puzzle" is a certain sort of brainpower. Sorta.
Meanwhile, I've managed to get to 32/33, but #30 is still eluding me.
(!) [Ben] [grin] So how many did you get, Mike? As it says at the bottom, it tests verbal ability and linguistic pattern recognition - which are, in large measure, what many IQ tests consist of. You should do pretty well.
Me, I'm giving up after spending most of an hour on it; it's obvious that I'm dumb as a brick. :) On the other hand, I've got a strong suspicion that the four I didn't get (14, 19, 30, and 31) have to do with things that I just have no clue about - i.e., I think 31 has something to do with cricket, and 19 is some damn special version of 'unlucky Friday' that I just can't get.
(!) [Brian] And of course I suffer the fate of smartasses everywhere. A flip answer springs to mind (say, "13 Levels in Barad Dur"), and the true answer has no route past the image thereby entrenched.
(!) [Ben] [LAUGH] Yeah. I got hung up on the whole Bible-related tone of the thing for a while (how the heck would I know about that stuff, other than just having basic familiarity with the context and the poetry of the thing?) - couldn't get past "in C" looking like "in church" every time I looked at it.
(!) [Brian] But those sorts of teasers are fun, although I suspect far less indicative than some believe.
(!) [Ben] It's not usually the type of thing that I'm into - although this one was fun. I used to do the NY Times crossword puzzle on the way to work when I was living in Brooklyn. The train took 52 minutes (+/- a minute or two) from my stop to 34th Street in Manhattan, and I could usually finish it before I got off the train - although Fridays were tough (about 50/50). I don't know if they still do this, but the crosswords in NY Times used to get progressively harder throughout the week.
(!) [Kat] Yes, they do, so far as I know.
(!) [Breen] They certainly do. Saturday is the toughest. Sundays are sui generis - a completely different sort of puzz (besides being 21x21 instead of 15x15). [I also hang out online with puzzle constructors.]
(!) [Kat] Incidentally, when I passed this link on to a puzzle-loving friend, I was informed that it's actually copyright Games magazine.
(!) [Breen] Right - although you can't easily copyright the type of puzzle, many of the clues are right out of the original in Games lo, these many years ago.
(!) [Sluggo] I think I've said it before, but...
Two plus two is four
Four times three is twelve
Twelve inches make a ruler
A famous ruler was Queen Elizabeth
Queen Elizabeth sailed the ocean
Oceans have fish, fish have fins
The Finns fought the Russians
Russians are red, so fire engines are red
'Cause they're always rushin'
'Course, when did Lizzie I ever get in a boat? Or is this II?
(!) [Jason] Got about half of them, then gave up/got bored. Tried to look in the javascript to see what the answers were for the ones I missed, but they were smart enough to use SHA1. But we know the first letter of each word, and only a couple words are unknown for each question, so a dictionary attack is probably feasible...
(!) [Thomas] B T C, J. :) For the record, I scored 25. It's not an intelligence test in the slightest mind -- so don't feel bad about any of it.
(!) [Jimmy] It only dawned on me yesterday what "100 C in a D" was. While I was shaving. Ouch!
(!) [Rick] It's a bit culture-biased, isn't it?
(!) [Kapil] Some entirely outrageous ones have been included in an effort to make the test more "culture-inclusive". One of my friends discovered what "9 P in S A" was and even with "Google Earth" or the equivalent I wouldn't have ever known enough to answer that.
In fact, some of the culture-specific ones were easier for me because I assumed that the author of these tests had a certain cultural bias and factored that in into the guesses I made. So even though I didn't know (e.g.) that there were "39 B in the O T" I could guess the answer and then the web page (with JavaScript enabled) verified that my guess was correct.
I liked the way the author of the tests had made them impossible to cheat on. Maybe it is now standard practice for on-line tests but it was a new one on me.
(!) [Rick] But, e.g., the Brits might find "100 P in a P" somewhat mysterious.
(!) [Jimmy] 100 peas in a pod? :)
(!) [Jay] It's harder when they don't have the intelligence themselves to parse the responses only for keywords. If leaving out the number they put on the prompt from the reply makes me wrong, I'm smarter than they are, and I can't be bothered.

(?) The usual brilliant Redmond strategy: checkmate in two moves

Mon, 23 Jan 2006

From Benjamin A. Okopnik

(!) [Jimmy] This thread kept going...

Yes, but for *whom?*


Seems that Vista is going to require machines with more resources than (my estimate) half the US population, and probably 95% of the people in the rest of the world, own.

To be sure, Microsoft has said lesser computers will still be capable of
running Vista, just with some of the special features that differentiate
it from older versions of Wind0ws automatically turned off.

"Lesser" computers? I love it.

Dell has a section on its Web site, at www.dell.com/vista, which
highlights computers the company recommends for those planning to
upgrade to Vista. For models for the home and home office, the
recommended desktop is priced at $1,749. The laptop costs $2,699.

Better and better, every day. Y'all ready to rush right out and buy the top-buck gizmo of the day?

(!) [Pedja] Ben, Vista is scheduled to launch at Christmas this year, right? Do you think that is a coincidence? By that time, "Vista-ready" computers (Micr0$0ft's recommended hardwareX2) won't be all that uncommon, and Christmas shopping madness will do the rest. Same story was when XP launched, what, 5 years ago?

(?) It's the same old formula that Micr0s0ft has been using all along - however, at this point, it's been turned on its head. Yes, the US is where most of the computer buying power is - but the top of the market is by far not the only buying public out there. Neither Joe Average in Chicago nor his cousin Giuseppe Averaggio in Milan (nor most of their other relatives all over the world) can afford to just toss their current system just because Micr0s0ft has decreed that they should; aside from the expense, other considerations - e.g., the hassle of installing all the new hardware, dealing with replacing anything that fails to work, adapting to the new system, "upgrading" the software that turns out to be non-compatible with their new OS - make it a very low-percentage game. Yeah, there are new adopters all over the place - but many of those have already installed Linux, anyway. Yeah, there are companies that, for various (generally non-technical) reasons will "upgrade" to Vista... but given the general awareness of Linux now, and the fact that people realize that changing over is going to require adapting anyway, there's a certain (and I believe, large) percentage of people that will decide to get out of that game and switch to Linux.

This is besides the fact that there are more and more companies and individuals switching over every day.

(?) (*Don't* anybody breathe. If Micr0s0ft actually falls for this one, we're home free.)

(!) [Pedja] Will you please explain?

(?) Sure. If you don't have a whole lot of spare cash, and your computer is becoming less and less useable day by day (remember what happened shortly after XP appeared?)

(!) [Pedja] Yes, the hype was massive. "The only OS you'll ever need, mangles your files and cures cancer (has dancing hamster in technicolor, too!)". Heh. That's madness, I tell you, madness...

(?) - and particularly if you need to produce documents, etc., for business purposes _and can't_ due to progressive OS/software incompatibilities, then where are you going to go? This kind of heavy-handed, bull-in-a-china-shop moves by the Redmond folks drive wagonloads of people over to Linux, and from a certain cynical perspective, I'm actually glad to see them doing it.

(!) [Pedja] Arrogance will bury them, DRM and 'trusted computing' too. Imagine Joe Average User trying to rip his S0ny 'enhanced' CD using WMP 11, or installing 'unapproved' software to his brand new Vi$ta machine, and failing. Imagine man realizing that he is 0wned and his freedom to do whatever he bloody wants with things he paid for, taken away from him 'for his own good'. Imagine his anger and frustration. And then he hears of this Linux thing, which has its own quirks, but it's all about freedom. Is this a dawn of the new era, Ben? We can only hope so :-) .

(?) Like, it's so totally Val

Fri, 10 Feb 2006

From Mike Orr

http://seattlepi.nwsource.com/theater/259118_wedding11q.html Review of "The Wedding Singer" play, a 1985 cliche-o-drama

(No, I haven't seen it.)

(!) [Jimmy] Looks like it's based on the Adam Sandler movie.
On a similarly 80s note, I whiled away the hours at work last night listening to The Cure's Greatest Hits :)
(!) [Thomas] Which? Staring At The Sea was a nice album.
(!) [Jimmy] Greatest Hits. It's a CD/DVD package.
(!) [Thomas] Talking of which, I'm listening to The TearDrop Explodes. I much preferred Julian Cope's solo work -- but it's still good, nevertheless.
(!) [Jimmy] Never really got into them, though I do get mixed up between them and Echo and the Bunnymen, for some strange reason.
I suppose I'll find out when my sister gets into them -- she has a bad case of 80s envy :)
(!) [Thomas] That's not so strange when you consider that Ian McCulloch who was a brief member of The Teardrop Explodes, went on to be the lead singer for Echo and the Bunnymen.
(!) [Jimmy] Ah. Well, Dave Fanning (Ireland's closest equivalent to John Peel) used to play them, but at the time I was more into grunge and punk[1] stuff.
I miss those simpler times, when MTV played music, and everything was on one channel, so you were exposed to different genres instead of just whatever's in favour with 14 year old girls today.

(?) My friend is a writer for Time, which owns People. He says People is by far the best selling magazine in the industry. I couldn't believe it, who reads People? But it's all those women in check-out lines picking it up.

(!) [Jimmy] Don't forget doctors' and dentists' waiting rooms!
(!) [Thomas] This is true. I can remember, about six/seven years ago when my parents first got sky. The MTV2 channel back then would just play continuously in one hour slots, listeners' requests for music videos.
(!) [Jimmy] Eek. I'm thinking about, say, 11 years ago when there was just one MTV Europe, and everything was... well, like MTV2 as you described :)
They did have some oddball programmes with the odd live band, but mostly it was music with a minimum of chatter.
(!) [Thomas] Typically there'd be fifteen songs in an hour. It was great. The eclectic mix of music and genres was indeed an eye-opener.

(?) There's a new American radio format like this, although it's programmed rather than requests. They have a large playlist of a wide variety of rock genres (60s-00s), and they play them in a random order even if it puts dissimilar songs next to each other. Supposedly it's popular because people are tired of the same old songs again and again. It was started by one network ("JACK FM") but there are other stations doing it too. The LA station has the most interesting website: http://www.931jackfm.com

(!) [Thomas] Alas, the format is no more -- and it has gone the American way of: "Random talking with whiny Americans is what the people want, whilst getting out of playing music."
(!) [Jimmy] Well, they still have those kinds of programmes, but only at insomniac hours :(
They even have a metal show that plays videos by bands like Nile. Much as I love them, I don't understand why they bother to make videos, knowing they have such a limited appeal.
(!) [Jimmy] (Queens of the Stone Age's "Songs for the Deaf" album has fake American DJ banter between songs. One of the best goes "K.L.O.N. - Clone Radio. We sound more like everybody else than anybody else". Rings oh-so-true :)
[1] Though probably not anything Mike would consider to be punk, apart from the Sex Pistols and the Ramones. Maybe :)
(!) [Thomas] Patti Smith.

(?) Haha. I have a soft spot for the early "non-punk" punk bands like Blondie. But for later punk, it's gotta be like early 80s oi/punk or I'm not interested. Innovation is fine -- psychobilly is cool, and I'd like to hear more punk/surf (Agent Orange). Just keep the same tempo and staccato. And my aversion to metal influences in punk remains.

(!) [Jimmy] I like the hardcore stuff... punk, but faster, and with musical ability. But, as I've said before, that stuff didn't come from having metal influences; if anything, the reverse was the case.

(?) Hardcore is too monotonous for me. No, it didn't come from metal. I'm talking about metal influences on individual bands or the punk/metal hybrids, as well as Motorhead and AC/DC sneaking into punk bands' repertoire. Like this one local band Contingent an acquaintance sings in. It's called hardcore. Um, no it isn't.

(!) [Jimmy] Well... you can't really help AC/DC slipping in as an influence for almost any rock band since the 70s. Or Spinal Tap :)

(?) Not just an influence. Dropkick Murphys actually perform AC/DC songs at shows.

Punk attitude: angry losers
Punk music: fast but not extremely, staccato, unique rhythms and vocal styles
Punk look: trim and tight

Metal attitude: arrogant
Metal music: outgrowth of hard rock (Zeppelin, Hendrix, psychedelic),
non-danceable, frequently screaming vocals, quasi-ballads
Metal look: scruffy

Post-punk attitude (grunge etc): resigned losers
Post-punk music: a wide variety, borrows more from rock
Post-punk look: scruffy, slacker (plus a lot of other variations)

Notice the difference?

(!) [Jimmy] Sure, not that I agree :-P

(?) I've actually been going back to my New Wave roots. Missing Persons, Bowie, Duran Duran, the Police -- all monstrosities I've re-acquired recently. My own personal 'fuck you' to the record industry (see SWF thread) and the output of most current bands. Plus a little bit of "real men do listen to new wave (and eat quiche)" rebellion.

(!) [Jimmy] Eep. My roots are bands like Smashing Pumpkins and Soundgarden, so there's not much digging for me to do.

(?) Actually not digging. The record stores are giving them away for $4 because nobody wants them. Your stuff would be at the recently-inflated price of $9 (used). Plus I can get them on vinyl rather than CD, so I avoid the CD premium.

(!) [Thomas] This is something I am seeing a lot here too. What I would class as "good" music is being put in these so-called "bargain buckets" as a quick sale. Bands like 'Love' are always in there. It's even more a shame in that although 'Forever Changes' as an album is rated very highly, it's also degraded -- it now has a label of being "passed its time", simply because it's so common to see it in these bargain buckets.

(?) I couldn't believe an ad I saw yesterday, offering The Clash and other classic albums for the "great discount price" of $8.99. Ahem? For albums that have been out for years and have long paid for themselves and should now be worth $6?

(!) [Thomas] See above. I found my copy of Mellow Candle's Swaddling Songs that way. :)
(!) [Jimmy] Hmm. I don't mind buying remastered albums on CD for more than they would be worth normally, as long as there's something other than a fresh mix. A few of the early Cure albums now come with a second CD of outtakes etc., which is worth it (and makes me glad I didn't rush out and buy them a few years ago :)
The worst thing about listening to metal is that metal labels like Roadrunner are really into ripping off fans: every album is released twice; first in a jewel case, then six months later in a digipack with bonus tracks. It's impossible to tell in advance whether or not the bonus tracks are worth waiting for -- more often than not they're just live tracks -- but it really seems like a punishment for liking a band enough to buy their album as soon as it comes out.

(?) I made that mistake once with Radiohead's "Hail to the Thief". Both versions were released simultaneously, but I wanted the "special" artwork in the cardboard case, which turned out to be nothing special.

(?) What's funny is, new wave albums will soon become collectors' items and disappear from the record stores, and reappear on eBay for $100 each. Even ones that you thought should never have seen the light of day. I thought a lot of used stuff like the Clash would always be plentiful, but it has already disappeared into collectors' hands, at least around here. If I'd've known that, I would have kept all the records I'd gotten rid of over the years. I had all my CDs stolen in 2000, and some of the Industrial stuff is practically irreplaceable now.

(!) [Jimmy] Well... my CD collection has basically been merged with my brother's. Not a problem while we're both at home, but I'm moving out next week... I'll probably just leave my CDs here rather than go through the inevitable "who owns what" arguments. (And partly because I'd rather use my MP3 player, and don't own a CD player anyway :)
I was never really into buying things for the sake of collecting -- I'm more interested in the contents than the physical item -- but there are a few albums that I'm glad I own on both vinyl and CD because of the artwork. If I ever find "Master of Puppets" or "Reign in Blood" on vinyl, my normally subdued collector's instinct will take control :)

(?) I generally don't collect things for resale. It's more a matter of keeping things you'll never find again, that you're likely to want later. Or if you like a certain subculture, building up a "complete" collection of used items over the years. ("See! I got all of this used. This one came from a thrift shop, this one from a garage sale, this one a friend gave to me, this one I got while visiting England, this one a friend brought me when he was visiting the US...")

But in the 80s and 90s I was moving a lot, so I was more interested in being portable and lightweight than saving stuff. In high school, my cousin came to live with us with all her possessions in a Volkswagen, and I thought, "Wow, that's cool." I never managed that, my moves went up from two pickup truckloads to four, but that's mainly coz I have furniture now. [1] In high school (1982) I could always find 60s old album I wanted used, from Beatles to Kinks to Jefferson Airplane, and I loaded up on Rush. I just assumed that would always be the case, so I unloaded anything I didn't have an immediate want for. But I didn't anticipate how short-lived the Industrial and Ambient eras would be or how quickly the material would disappear. Maybe it's just coz I moved from mainstream music to obscure music, and that always happens with obscure music.

[1] Henry Rollins' bed story is so funny. He had a favorite futon that he used for eight years, so it was all scrunched down now. His girlfriend saw it and said, "Henry! You can't sleep on that! We have to get you a proper bed." So she dragged him to the bed store. He told the clerk, "I've never shopped for a bed before. How do you do it?" The clerk said, "Just lie down on several till you find one you like." So he did, and one bed was so comfortable it talked to him, "Come to Henry!" So he bought that one. But he couldn't bear to get rid of his beloved futon, so he kept it under the bed.

(!) [Jimmy] Though I have managed to track down some obscure Irish bands recently: Scheer were the most recent :)

(?) Re: [LG 122] 2c Tips #4

Sat, 07 Jan 2006

From Daniel J. Priem

For such problems i use
smart boot manager.
(!) [Rick] So close to a senryu, and yet so far.

(?) Cartoon about blogging

Sun, 29 Jan 2006

From Jimmy O'Regan


(?) I caught an amusing phish from the eBay...

Fri, 17 Feb 2006

From Benjamin A. Okopnik

Here's one that might get past a number of people; other than the way-too-crude XSS attack imitation, it's going to be rather effective for a certain segment of the population.

About a day ago, Kat put up some of our boat cruft up on eBay. Last night, I got this email:

Your registered name is included to show this message originated from eBay.
Learn more.

[hdrLeft_13] Question about Item -- Respond Now                             eBay
  eBay sent this message on behalf of an eBay member via My Messages.
  Responses sent using email will go to the eBay member directly and will
* include your email address. Click the Respond Now button below to send your *
  response via My Messages (your email address will not be included).

   Question from rubyndao                 [s] Marketplace Safety Tip Marketplace Safety Tip
  This message was ! sent while               Always remember to complete your transactions
  the listing was active.                     on eBay - it's the safer way to trade.
  rubyndao is a potential buyer.
                                              Is this message an offer to buy your item
                                              directly through email without winning the item
  Hi,              ********************       on eBay* If so, please help make the eBay
                   *Respond to this   *       marketplace safer by reporting it to us. These
  I would like to  *question in My    *       external transactions may be unsafe and are
  know S&H and     *Messages.         *       against eBay policy. Learn more about trading
  also if you      *                  *       safely.
  have a buy it    *http://           *
  now              *contact.ebay.co.uk* 
                   */ws/eBayISAPI.dll *
  Thanks           *M2MContact&item=  *       Is this email inappropriate* Does it breach
                   *4589070441&       *       eBay policy* Help protect the community by
  Ruby             *requested=        *       reporting it.
                   *yamama_r6&qid=    *
                   *1470018712&       *
                   *redirect=0&       *
                   *sspagename=       *
                   *ADME:B:AAQ:UK:2   *

* *
  Thank you for using eBay

  Learn how you can protect yourself from spoof (fake) emails at:
  This eBay notice was sent to kvnmtchll200@aol.com on behalf of another eBay
  member through the eBay platform and in accordance with our Privacy Policy. If
  you would like to receive this email in text format, change your notification
  See our Privacy Policy and User Agreement if you have questions about eBay's
  communication policies.
  Privacy Policy: http://pages.ebay.com/help/policies/privacy-policy.html
  User Agreement: http://pages.ebay.com/help/policies/user-agreement.html
  Copyright  2005 eBay, Inc. All Rights Reserved.
  Designated trademarks and brands are the property of their respective owners.
  eBay and ! the eBay logo are registered trademarks or trademarks of eBay, Inc.

Notice anything unusual? Here are a couple of things that sent up red flags for me right away:

  1. "Your registered name is included to show this message originated from eBay." Really? Where is it, then?
  2. "This message was ! sent while" - I don't think that eBay formats their messages per the Jargon File.
  3. "Respond to this question in My Messages" - these are supposed to be _my_ messages, and it shows an eBay.uk address? Uh-huh.
  4. "This eBay notice was sent to kvnmtchll200@aol.com" - sure, I've been using AOL all my life; I've just been hiding it from my friends. [sob] I'll go kill myself with a plastic fork now!

Best of all, though, is what happens when you load it up in a browser (I'll include the HTML just so those who are interested can play with it):

(!) [Jimmy] Warning! Certain browsers try to render this!


See attached phishing-source.txt

Take a careful look at that "Submit" button link:

<A title=http://contact.ebay.co.uk/ws/eBayISAPI.dll?M2MContact&amp;item=4589070441&amp;
onclick="return ShowLinkWarning()" href="http://www.varzavarzarau.go.ro/ws/ws/arribada/issapidll/
sruproductsidfavoritenavmigrateVisitor/SignIn.html" target=_blank onfiltered="return ShowLinkWarning()">

So, the button is going to pop up a little label saying it's from 'ebay.co.uk'... but it will link to (and your bottom bar will show it as) the 'www.varzavarzarau.go.ro' address. Clicking on it takes you to a look-alike eBay login page... except that there are a couple of those minor quirks, much like the page above, in it.

Naivete costs money - and these days, it happens at Internet speeds. :)

(?) Oh, to expand on the "XSS" bit: what made it crude is that it was missing one of the critical components of XSS. If you look at the URL in the address bar when the ostensible "eBay login page" shows up, it's that "www.varzavarzarau.go.ro" one, with a very long tail on it. In an actual XSS attack, once you get that far in the process, there's almost no way to tell - since you're actually at the page where you think you are, but you're "piped through" someone else's machine.
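
The mismatch pointed out in this message (a title attribute naming contact.ebay.co.uk on a link whose href goes to a different host) can be checked mechanically in a mail filter. The Python sketch below is an added example, not part of the original thread: the names `LinkAuditor`, `audit_links` and `host_of` are made up for illustration, the anchor's visible text is constructed, and hosts are compared by exact match (a production filter would compare registrable domains using a public suffix list).

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit
import re

# Anything that looks like an http(s) URL inside a title or the link text.
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)

# The anchor quoted in the message above, line wraps kept as printed.
# The visible text "Respond Now" and the closing tag are constructed.
PHISH_ANCHOR = r'''<A title=http://contact.ebay.co.uk/ws/eBayISAPI.dll?M2MContact&amp;item=4589070441&amp;
onclick="return ShowLinkWarning()" href="http://www.varzavarzarau.go.ro/ws/ws/arribada/issapidll/
sruproductsidfavoritenavmigrateVisitor/SignIn.html" target=_blank onfiltered="return ShowLinkWarning()">Respond Now</A>'''


def host_of(url):
    """Return the lowercased host a browser would connect to, or None.

    urlsplit() discards any userinfo before '@', so a URL written as
    http://trusted.example@other.example/ yields 'other.example'.
    """
    try:
        host = urlsplit(url.strip()).hostname
    except ValueError:          # e.g. malformed IPv6 literal
        return None
    return host.lower().rstrip(".") if host else None


class LinkAuditor(HTMLParser):
    """Collect anchors whose title or visible text names a host other than href's."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []
        self._open = None       # anchor currently being read, if any

    def handle_starttag(self, tag, attrs):
        if tag != "a":
            return
        a = dict(attrs)         # attribute names arrive lowercased
        self._open = {"href": a.get("href") or "",
                      "title": a.get("title") or "",
                      "text": []}

    def handle_data(self, data):
        if self._open is not None:
            self._open["text"].append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._open is not None:
            self._finish()

    def close(self):
        super().close()
        if self._open is not None:   # unterminated <a> at end of input
            self._finish()

    def _finish(self):
        link, self._open = self._open, None
        target = host_of(link["href"])
        claimed = set()
        for source in (link["title"], "".join(link["text"])):
            for url in URL_RE.findall(source):
                host = host_of(url)
                if host:
                    claimed.add(host)
        mismatched = sorted(h for h in claimed if h != target)
        if target and mismatched:
            self.findings.append({"href_host": target,
                                  "claimed_hosts": mismatched})


def audit_links(html_text):
    """Return one finding per anchor that advertises a host it does not link to."""
    auditor = LinkAuditor()
    auditor.feed(html_text)
    auditor.close()
    return auditor.findings


if __name__ == "__main__":
    for finding in audit_links(PHISH_ANCHOR):
        print(finding)
```
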


Copyright © 2006, . Released under the Open Publication license unless otherwise noted in the body of the article. Linux Gazette is not produced, sponsored, or endorsed by its prior host, SSC, Inc.

Published in Issue 124 of Linux Gazette, March 2006