Annoyed by a guy called Jake Rushton

Posted on August 9, 2010 by Randi Mooney

Jake Rushton was a developer who until recently published a bunch of popular free plugins for WordPress. Giving away free software is normally the domain of “freetards” like myself, however Jake seems to have something of a business-mind, since his plug-ins have rather a sneaky way of earning him back some money:

Jake’s plug-ins pull a really mean trick since it’s not immediately possible to determine what his plug-ins actually do aside from their stated function. For example, I installed a plugin called “jr_ratings” There’s no obvious opt-in or opt-out on the configuration panel page, only the ambiguous text: “Show Plugin Support?”, what do you suppose this option does?

Did you guess that if you fail to disable that option, said plugin support actually incorporates about 25kb of link-spam appended to the bottom of every page on your site. This is some really sneaky stuff, no wonder Jake Rushton’s entire body of work got removed from the WP-Plugins collection.

I also found a discussion on the WordPress Tavern discussing Jake Rushton’s products, surprisingly the author joined the discussion and attempted to excuse his behaviour as a simple innocent misunderstanding of the WordPress community policies.

If this forum can be believed, Jake does not intend to develop for WordPress any more, instead he plans to port his collection of plugins to Joomala. I cannot say he will be missed, since I’ve just had to spend the last hour or so tidying up one of his spammy plugins which was messing up one of my client’s sites. Since the original plugin was released under a GPL license, I can point anybody who wants a less spammy version of JR_RATINGS to my own version.

Posted in PHP | Leave a comment

The Big Three parties on Digital Rights

Posted on April 29, 2010 by Randi Mooney

The manefestos of all three big political parties include policy proposals which will affect our digital rights. By Digital rights I’m talking about the human-rights, laws and prohibitions which affect the way we use the Internet and the ways that government, companies and others can use data about us.

So what do the big three parties have to say about digital rights? I read through all manefestos to bring you this summary.

Let’s start with labour, traditionally the party which championed the rights of the common man. They propose to invest in a super-fast broadband network with the capability of delivering a two-megabit per second connection to every home on the British Mainland. Their goal is universal access to the Internet. That was a good start – it gives the impression of a party that is starting to recognize the importance of Internet for all, unfortunately the rest of the manifesto did not make for such pleasant reading.

Labour are committing to expanding some of their most controversial programs, most notably the compulsory national ID card scheme the “contactpoint” unified government database. They also advocate for expanded use of CCTV cameras and DNA record-keeping. The manefesto claims that these technologies “have reduced the fear of crime” – whether these technologies actually reduce crime is not stated. There’s also a brief mention that they support some proposals in a report fronted by TV psychologist Tania Byron which mainly proposes ways of keeping kids away from Internet paedophiles and violent video-games.

There’s no mention of any digital rights issues under their human-rights section, however in the section titled “Britian’s creative industries” it reads: “We will update the intellectual property framework that is crucial to creative industries and take further action to tackle online piracy” – this may refer to the Digital Economy act which passed in the final week of the last parliament and most probably after the manifesto text was finalized – however it could refer to even more draconian plans to regulate the internet.

Moving on to the Tories, who take a refreshingly different view of Digital Rights: In the section “Restoring our Civil Liberties”, this rather wordy manefesto discusses some of the well-known problems associated with the national ID card and Database schemes. The conservatives want to scrap these schemes entirely. They also hint that they’d like to moderate the laws which permit police to retain DNA samples from wrongly accused people. That’s pretty much it – it seems that even Web-cameron is not all that interested in the Internet other than as a means to promote his party.

Finally, the lib-dems: Their manifesto includes a section called “Restoring your freedoms”, which is nice because that suggests that they understand that much of their legislation is intended to counter-act some of the legislation drafted in the last twenty years.

Like the conservatives the Lib-Dems would like to scrap both the National Identity Card scheme and the ContactPoint database. They also want to see substantially more regulation on the use of CCTV cameras, especially by local government. They also want to put an end to warrantless intercepts of email and web-browsing data.

The Liberal democrat manefesto also makes no explicit mention of the digital economy bill, most probably because it became the Digital economy act some time after it was publlished, however Nick Clegg has cited the DE act as an example of what is wrong with Westminster politics and has stated that he will campaign to have it repealed.

There is yet one more party I’d like to talk about: The pirate party are a new, single-issue party whose platform is based almost entirely on digital rights issues. In a densely worded 8-page manifesto they address a wish-list of every digital rights campaigner. Unfortunately, the document is only likely to be understood and read by digital rights campaigners.

Like the Lib-Dems, and Conservatives the Pirates would like to see the end of the national ID card scheme and related databases. They also join the Yellows and Blues in wishing for tighter controls over CCTV and DNA sample retention. Unlike the other three parties they go into a lot of detail some more obscure digital rights issues, for example the first section of the manifesto advocates for patent and copyright law reform. That kind of topic might push my buttons but it’s hardly likely to electrify a Leaders’ debate. The irony of the party is that while I find so much of what they say agreeable, the existance of the pirate party can only split the votes of people who actually care about digital liberties.

So in summary – Labour who were once the British party most strongly associated with the promotion of human rights seem not to have completely missed the boat on digital rights. The conservatives do seem to associate digital rights with civil liberties but have concluded that it’s not a particularly important issue for their base. The LibDems agree that digital rights are essential human rights and appear to be the only big party who are activily campaigning on these issues.

Posted in General | Leave a comment

What the iPad means for our digital freedoms

Posted on April 19, 2010 by Randi Mooney

The iPad is coming to the UK in a few weeks time. Since the product was launched, half a million have been sold. By most people’s standards it’s already an outstanding success. I think we can all agree that Apple have a reputation for delivering well presented products which just work. That’s a great thing when so many technological products are rubbish. But there’s a dark-side to Apple – no other company seeks to control what you do with your own devices more than Apple Computer.

Last month, Apple annoyed developers by withdrawing apps which contained errotic content. At last week’s Apple Developer conference Steve Jobs actually used this as an excuse to justify their exceptional control:

“You know,” he said, “there’s a porn store for Android.” – refering to the rival mobile platform made by google – “You can download nothing but porn. You can download porn, your kids can download porn. That’s a place we don’t want to go – so we’re not going to go there.” – WONT SOMEBODY THINK OF THE CHILDREN!!!

I’m wondering if Steve’s a bit out of touch with the average male: Prudes and puritans may rejoice that their iProducts are smut free (as long as you dont use the web-browser), but thanks to Steve, we all know that the porn-only app-store is an Android Exclusive..

But get real – locking down the app-store is nothing to do with protecting kid’s innocence – it’s about keeping control. Steve Jobs knows that he can make more money if he owns the only shop in town.

As the Electronic Frontier Foundation says – if you cannot hack it, you don’t truly own it. It’s Apple and not you that determines what is permitted on the iPhone or iPad. Every program which runs on the iPad needs a digital certificate – an electronic permission slip which can only be issued by Apple. This permission can be withdrawn at any time, for any reason.

iPad advocates will counter by saying that the iPad not for freetards like me: The iPad serves a need by simplifying computing to a point where a hypothetical grandma will have no trouble at all shopping online or renting movies. Grandma does not need bit-torrent or scripting languages. Grandma finds too much choice gets in the way of her real purpose, which is apparantly to splurge her pension on premium digital content. So what seems like an annoying restriction to me is nothing more than strict quality control which adds stability and usability to the platform.

Advocates argue that people like me are just hemp-smoking, apple-hatiers who are jealous because our eliteist computing culture is becoming increasingly irrelevant. Giving up a few freedoms -they say- is a small price to pay for security and stability… now that sounds familiar? Hmmmm

But let’s explore this idea of quality control – Does keeping tight control really improve quality? In one sense, yes because Apple can ensure that the very worst rogue-apps never reach the market.

The flipside is that planned economies stifle disruptive competition: A good example of this is that Apple took more than four weeks to approve the Opera web-browser for the market. There was nothing rouge about this app, except that it competes with Apple’s web-browser.

Apple still have not allowed their rivals Google to release Google Lattitude tool for iPhone, simply because it competes with an as-yet unlaunched location product from Apple. Instead of releasing it as an app, you can get lattitude as a “widget”. It’s a crippled version of what you can get on every other kind of phone. Far from improving quality, this is an example of where Apple’s tight control forces people to use inferior products.

Not so long ago, Apple were the company famous for “Thinking Different” – they made stuff which was unencumbered by the stupid restrictions enforced by their bigger rivals. They actively promoted digital creativity with their rip, mix and burn ethic. But as they’ve grown they have begun to adopt all of the industry’s worst habits:

Like a classic monopolist they no longer want to compete – it’s far easier to lock out the competition out of the marketplace, or better still sue anybody who looks like they might eventually become a threat. Apple sued the tiwaneese maufactuer HTC over an alleged patent infrignement involving multi-touch. There was a time when Apple’s plan was to out-innovate their rivals. Like IBM in the ’80s and Microsoft in the ’90s, litigation is just part of doing business.

The whizzy-graphis of the iPad is almost enough to prevent you from noticing how boring it is: It’s the dullest computer I’ve ever seen in my entire life. It’s designed for the lowest-common denominator. The iPad is for computers what the X-Factor is for music. It’s like what disneyworld is to a real city.

They didn’t just take away the keyboard – they took away what makes computers inspiring. By removing some of the basic freedoms to tinker, the iPad is little more than a hand-held multimedia retail outlet. It’s as if Steve Jobs built a little branch of the Apple store in your own home and then decided to charge you for this privilege.

So obviously I’m advising you not to buy one – but if you really must: Wait a month until the version with 3G. At least you will be able to use it in other places than on the toilet.

SF reporting for the PD.

Posted in Gadget Reviews | 1 Comment

Gore, can you fix this?

Posted on February 6, 2010 by Randi Mooney

No, not the former vice-president – I’m talking about the employee-owned sportswear, textile and polymer company.

Recently I bought a Gore-Tex jacket made by the Gore Bike-Wear company. Gore make some very expensive cycling garments. Mostly their stuff is awesome and well worth the money – unfortunately I’ve noticed that after some very modest use my “Paclite” yellow cycling jacket has become a lot less yellow. It’s become almost brown in places.

From gorestains

The strange thing is that these stains do not seem to be visible at all on the main parts of the jacket’s fabric – only on the thickest parts such as near the seams. It’s like the dark colour of the lining or the velcro material is bleeding through the yellow fabric turning it into a sort of dirty yellow. I hope somebody from the Gore company will contact me and offer to swap this jacket for a new one so that they can examine this and fix the problem.

From gorestains

From what I understand the Gore company sub-contracts out the manufacture of their garments, so the manufacturer of this item might not be WL Gore & Associates. Perhaps somebody who knows this product line can identify it from the code on the label: GORG2GIA137 407-7103.

Posted in General | Leave a comment

Nokia N900 – First Impressions

Posted on December 10, 2009 by Randi Mooney

After the dissapointing N97 it was all to easy to dismiss Nokia as a fading star of mobile phone design. The flagship which failed to float was the perfect excuse for a whole horde of doomsayers to predict the end of the once-greatest mobile company. A common quip was that unless Nokia were to pull off something entirely miraculous it would be “the end”. Fortunately the N900 is the miracle we had all hoped for, a truly remarkable combination of new software and hardware.

It’s hard to disentangle all the novelty in this new phone: Not only is it the first of a brand new form-factor (the sliding landscape keyboard-phone), but it’s also the first phone in Nokia’s huge portfolio to feature Maemo, an operating system entirely new to the world of phones. That’s not to say that Maemo is new: It’s been on the market since 2006 but only on Nokia’s ultra-niche tablet computers. Mameo itself has an even longer pedigree – it’s an offshoot of Debian Linux, a highly regarded variant of the increasingly popular desktop operating system.

First of all, lets deal with the easy stuff- the hardware: Nokia vastly simplified the slider mechanism compared to the N97. Instead of the elaborate slide and tilt, this keyboard simply slides out from behind the screen. While it doesn’t look so impressive it makes for a device which is both more comfortable and rugged. The new keyboard is slightly wider than the N97s since they ditched the somewhat useless D-pad. I guess they figured out that users don’t actually need a d-pad and a touch-screen if the touch screen is good enough.

Ony of my big criticisms of the N97 was it’s insensitive touch screen. At the time I put this down to the fact that Nokia had chosen the older “resistive” technology rather than the more trendy “capacitive” screens used by the iPhone and most android devices. The N900 has not switched to capacitative, and yet the screen seems a great deal more responsive. I’ve not yet encountered the frequent false-clicks of the older model. Nokia claim that the advantage of a resistive screen is that you can be more precise. This is why the N900 has a concealed stylus which slides out of the front. It’s not actually possible to use a stylus on a capacitative screen, so Nokia clearly see this as giving their customers wider choices.

The other major criticism of the N97 was that it seemed sluggish compared to the high-end phones: Once again this has seems to have been fixed. Even while multitasking the N900 seems to have the processing power to stay lively and responsive. This is no doubt a consequence of the shift to Nokia’s next generation operating system. Maemo is the phone’s biggest new feature: It’s an operating system unlike anything I’ve seen before on a mobile, but oddly similar to almost everything I’ve used on my desktop.

Unlike Symbian which was custom designed for telephony, Maemo was built for the Internet. The ability to make calls via the telephone network was a relatively recent addition to this operating system. As a consequence they’ve approached the idea of how telephone stuff ought to work in a radically different way: The most obvious benefit is that there’s a single framework for calling which handles VOIP (e.g. Skype and Google Talk) in exactly the same consistent way as a “regular” phone call. Likewise the messaging infrastructure seamlessly integrates SMS text messages with twitter, facebook and email. It all seems connected to a degree I’ve never seen before.

I dont want to give the impression that it was entirely perfect:

The biggest problem with Maemo today is a complete lack of commercial apps. None of the official Google Apps (e.g. Mail, Maps) have been ported to Symbian. It also lacks some of my favourites such as Spotify, BBC iPlayer and Last.fm. There’s no technical reason to doubt that these applications will eventually be ported to Maemo, however early adopters might need to beware that they might have to do without their favourite apps.

As compensation for the lack of apps, the web-browser is really good: Good enough (for example) to use the web-versions of Twitter, and BBC iPlayer. The built in multimedia conceals some pleasant surprises, such as the fact that that the it can handle high-definition DivX movie files and Ogg audio files. No other device I can think of can play all of these non-commerical formats despite the fact that they are hugely popular in the free-software world.

This lack of apps might seem scary, especially in comparison to Apple’s much hyped hundred-thousand but it’s not likely to be a problem in the long term: Unlike the older generation of phone which was built around proprietary code which was difficult for developers to learn the N900 is built on technology that is common today and widely used. Anybody who can develop for Linux can develop for this phone which means that there are already hundreds of thousands of developers who have the skills required to build Maemo apps. As a consequence I expect that Maemo will quickly catch up other platforms since the cost of building for this platform is relatively low.

So is the N900 the “iPhone Killer” that everybody’s been pining for? No, and thankfully not. I think this product represents an entirely new territory for the mobile phone industry. Rather than replicate Apple’s model of a tightly controlled environment, Nokia are emphasizing openness by borrowing a strategy which has worked so well for the open-source movement. This is the most open mobile platform on the market today, and I feel that proposition alone will draw in the “core” of developers who will in turn deliver the novel applications which will usher in a wider audience.

Posted in Hardware | Leave a comment

Chumby One – First impressions

Posted on December 6, 2009 by Randi Mooney

I just received my Chumby One – the budget version of last year’s most hyped internet device. These days they are positioning it as the world’s most advanced bedside clock radio (which would be true apart from the fact that Pure Digital just launched the relatively expensive Sensia ).

Upon unboxing the device my first surprise was the size of the thing. The official photography gives the impression of a device which might be approximately fifteen to twenty cm wide. The actual device is slightly more than ten centimetres, and that’s including the volume knob which sticks out the side. It’s a really compact device.

Chumby comes with an international power adaptor. Set-up of the device consists of nothing more than attaching this to a wall-socket, plugging in the Chumby One and then answering some simple questions about the local WiFi connection. Initial set-up takes about five minutes. From then on all you have to do is choose what widgets you want and set up your multimedia.

There’s a wide selection of useful widgets, for example local five-day weather (provided by the BBC) or a the next 24 hours in your Google calendar. There are also some quite bizarre ones: The default channel includes a selection of popular videos from youtube and “Prelenger Mash-ups” which are wired video compositions assembled from the historical oddities curated at archive.org. You can also set up a Flickr.com viewer which converts the Chumby into a not particularly high-resolution digital photo frame. There are also quite a few social networking widgets including at least ten different ways to present your twitter feed along with some quite good facebook viewers.

All of the above would give the impression that Chumby is intended to be a practical device. Most of the widgets are rather silly and useless compared to the ones I have listed. Finding the good ones took about half an hour of search and at this point I’m convinced that most of the rest are redundant: There are a few hundred different variations on the idea of clock, and an awful lot of quite boring flash games which I shall pretend do not exist.

The other part of Chumby’s claim to fame is it’s multimedia: It comes with the ability to play internet radio and FM. I found the FM receiver was not particularly sensitive. It was barely able to receive very strong signals from nearby transmitters. That’s possibly a consequence of placing an FM receiver in the same tiny box as an active WiFi transceiver. I wonder why they bothered? Surely the people who buy this sort of device want it for it’s Internet capabilities.

Fortunately the Internet radio feature really does work. Unlike the widgets which are controlled via your web-browser from a PC, the multimedia features are controlled exclusively via the Chumby’s touch-screen. I’m not sure why they did this since the screen is rather small and it’s very difficult to select which from the thousands of Internet radio streams you want to hear.

The audio browser is very bad: In order to hear something you must first select from a range of sources including Pandora (not available in Europe), MediaFly, manually configured streams, FM Radio, a whole bunch of obscure audio aggregators, media files available via the USB or network. Having chosen your source you are then presented with multiple levels of hierarchical menu in order to select the actual audio audio you want to hear.

This part of the Chumby experience really does not work very well since switching from one kind of audio to another is a real nuisance. Even a modest DAB radio makes changing channels easy compared to this. I suspect that Chumby users will simply pick one audio source and leave it set to that rather than have the bother of browsing. I hope Chumby Industries find a way to simplify this – they could use the same web-interface they use to manage their widgets for audio.

Incidentally, this is how Pure and Reciva based radios work: You do all your browsing via a normal web-browser from your PC. On the device there’s no need to browse a huge menu – you can select from the favourites which you have already chosen.

In summary, I’m happy with the device. It’s an interesting addition to my bedroom. It looks rather silly opposite my wife’s substantially more expensive (and stylish) Pure Sensia which can play a wider variety of sounds. The Chumby One by comparison is better at playing video and has a much wider selection of widgets.

Posted in Hardware | Leave a comment

Glenn Beck, meet Barbra Streisand

Posted on September 5, 2009 by Randi Mooney

You may have seen the rumour about Fox News presenter Glenn Beck. According to “some” people he “might” have committed a whole bunch of unspeakable crimes nineteen years ago.

As rumours go these are even more preposterous than the ones that the “birthers” promote so so I  have great difficulty imagining anybody getting worked up about them. It’s so obviously a joke, even the official web-site that tries to promote this fake controversy admits quite explicitly that it is satire intended to poke fun at Glenn Beck’s tendency to make wild accusations and then demand that his victims present evidence to prove their innocence.

(ALLEGEDLY)

The nameless web-master of the “official rumour site” site just announced that he’s under some pressure to shut down. He told me that he received a legal nasty-gram from Beck’s agents Mercury Radio Arts Inc who have demanded that the web-site shut be down or else fight it out in some kind of trademark court. This such an obvious abuse of trademark law I do not know where to start!

But I know precisely where this will end, specifically I can easily predict the consequences of using rather underhanded legal techniques to such down what is most definitely a protected form of speech. Hundreds of people who might never have paid any interest at all in this story will suddenly find it fascinating. The more imaginative amongst us will ask what Glenn Beck has to hide, and the rumour will grow and grow.

padded_room

PS. All the legal documents can be found in this collection.

Posted in Interesting | Leave a comment

Does anybody remember “Binky and Boo”?

Posted on July 29, 2009 by Randi Mooney

Binky and Boo was a 1988 animated short directed by Derek Hayes (the same guy who did the rather spooky “Skywhales“) . I’ve not yet found a copy of it on the Internet anywhere, but I did find a brief reference to the film in a Google scan of an animation text-book.

It’s the life story of a music-hall double-act at the end of their clowning careers: I seem to remember that the animation presents a sort of potted biography of the clown’s lives in the form of scenes from their painful lives as remembered from Binky’s scra-book.

I saw it only once it as part of a Channel 4 animation festival that was broadcast in the early 90′s. I remember thinking that the animation was very funny and wished that I’d had recorded it on my VCR. I’ve been looking for a copy of it ever since but it does not seem to be on sale in any format, and amazingly this animation does not seem to be anywhere on the internet.

Unfortunately “Binky” and “Boo” seem to be very common names for cats in America, so a search of the internet yields nothing but pictures of other people’s feines. I want to see animated clowns: Perhaps Mr. Hayes or one of his former associates would like to upload this animation to a video sharing service so that we can all enjoy it again. I think this funny short deserves to be seen.

Posted in General | Leave a comment

Inside the C99Shell, and removing it from WordPress

Posted on July 24, 2009 by Randi Mooney

The C99Shell a.k.a. “C99 Shell” is a PHP backdoor script designed to further compromise insecure web-servers. Once installed onto an insufficiently secure server it is able to automatically install a number of wordpress spesific hacks. In addition it can take advantage of the lack of sandboxing in the PHP platform to execute arbitrary OS commands under the user ID of the webserver process.

C99Shell appears as an extra file which is dropped in a random or disguised location somewhere in your web-server. The PHP file contains a ziped, base64 encoded stream which is decoded and then eval’d on the fly. The purpose of this is to obfuscate the file, it’s hard to spot unless you have a method to determine if files have been added to your system. Even though the file is unreadable it’s pretty easy to modify the file so that it prints it’s source-code instead of running it:

Change the “eval” statment at the beginning of the file to an “echo” statement. It will print up the following source-code which I have placed on Pastebin.

By default the C99 Shell can target key vulnerabilities in Wordpres: For example having installed the script an attacker can do a push-button patch on the config-file or the main index.php file. Usually the purpose of these attacks is vandalism or more often to install spam-links.

Detecting the C99Shell is very easy if you installed your WordPress via SVN. First of all detect and then manually inspect any .php files which have been added to your wordpress installation like this:

svn status | grep ^\?.*php$

Next try to detect files which have changed, it’s possible that these have been patched by the attacker:

svn status | grep ^M

Manually check each one of these files for signs of suspicious additions.

Once you have removed any unwelcome additions to your site, check the following permissions:

  • If you still have the hack-file try running it yourself. There are a row of buttons which can be used to install hacks. Hacks which are available but not installed are green. Already installed are yellow and unavailable hacks are red. Now that you are in control you can try out the hacks yourself and get an idea of which files they modify. If you can modify them it means your file permissions are too lax. Try to get all the filesystem security set up right before you permanently delete c99shell.
  • Remove group + other write permissions from the wp-include folder and all of the PHP files in the top level of the wordpress installation.
  • Ensure that your WordPress installation, all templates and plugins are installed via SVN. This will enable you to trivially detect and remove any unwelcome modifications in the future.
  • You can disable the “eval” function. It’s a dangerous peice of code and I’m pretty sure that it is not required by any legitimate WordPress component. Use the “disabled_functions” directive in your php.ini
http://pastebin.com/f1ca32742
Posted in PHP | Leave a comment

An anatomy of an eBay fraud #ebayfail

Posted on May 5, 2009 by Randi Mooney

The eBay scam I reported last week seems to have moved into a second, more sinister phase:

I’m no longer recieving the deluge of calls from befuddled eBay members. Unfortunately I’m getting a bunch of calls from irate eBayers asking me where the item I’d just sold them was. Somebody is sending faked eBay emails pretending to be me, demanding money in return for items which may have been sold on eBay.

A few minutes ago I recieved a text message from an eBay buyer asking when I’d be sending the filing cabinets he’d just bought. Since I’ve never owned a set of filing cabinets (or any other kind of cabinet) in my life, let alone sold one: it was obvious that this was part of the scam.

“Hi, I’ve been sending e-mails leaving voicemails but unable to get a reply. Would XXX please return a call to YYYY on ZZZZ ref the filing cabinets, Thank You”

I called the victim: Apparantly he’d recieved an email purportedly from eBay claiming that he’d won an item that he’d bid on and that he was to send money via paypal to a particular account … which unfortunately he had already done. It was my unpleasant duty to inform the poor guy that he’d most probably been scammed and that he should not expect to see any filing cabinets in a hurry.

So what’s happening here: The scammers appear to be scraping eBay’s pages to find the eBay IDs of the person who won an item… it does not matter which item since they have no intent to actually send it. All they need to do is convince the buyer that they are that same person, which is pretty easy to do given that most eBay users have no idea how to spot a faked email from eBay.

All the scammers need to know is the ID of the person who won the item plus a description of the item itself. Both of these can be scraped from eBay’s web-pages with minimal effort. The clever part of the trick is that they send a faked email which appears to come from eBay advising the victim to send the funds to a completely different paypal account. Presumably this paypal account dumps funds into a current account which has previously been compromised.

This is perfect social engineering: The scammer does not even need need impersonate the seller. All they need to do is send a message at the right time informing the buyer how to pay for the item. Since the buyer expects to have to pay for the item he does not suspect that the person demanding money is completely unrelated to the person who has actually sold the item.

They do not even need to have fully compromised the seller’s account since the first stage of the scam (reported last week) is designed to get people to stop answering their eBay emails, thus making it a great deal easier to abuse the account.  All they have to do is give an eBay ID which they know is inactive.

That’s where I come in. Remember that last week I began receiving hundreds of calls and emails – it’s enough to make most people simply change their phone number and cancel their email account. That’s a very good way to guarantee that an eBay account is inactive.

What have I learnt from this:

  • I’m never going to give away my phone number on eBay auctions. From now on I will use a skype number. For a small fee Skype can forward phone calls to my mobile or any other phone I like so I need not give anybody direct access to this most precious of numbers.
  • Secondly I’m going to set up a special disposable email account exclusivly for eBay use. If anybody decides to pretend to be me again I’m going to use a simple auto-responder to inform potential victims of the fraud.

Finally, I’ve reported this to the met police. Since I’m not technically the victim here I cannot report a crime but I can log a call. The reference number is CAD7848, reported on the 5th May 2009. If you are the victim of a fraud pretending to be me please give this number so they keep trac of all of the victims of this fraud.valium online order Ativan Lowest Price buy xanax from india no rx?
buy cheap ambien Buy Xanax Online Now pharmacies that send xanax by fedex?
order xanax online Diazepam Buy Diazepam Online Anxiety Panic lorazepam depresses hiccups
buy ativan from discount store Xanax No Prescription Lowest Prices cheap ativan online discount pharmacy
buy xanax by electronic check Alprazolam Generic For Xanax ativan for panic disorder
buy ativan 2.5 mg from india Order Alprazolam Without Prescription online sales valium;
buy ambien online without rx Order Xanax Overnight buy alprazolam online?
cheap ativan buy pharmacy online now Buy Valium Online Delivered By Fedex cheapest alprazolam
buy valium phillipines Valium Overnight Fedex buy alprazolam!
buy valium us pharmacy Lorazepam Sleeping Pill buy non genaric ambien online
xanax order online no prescription Generic Xanax Xr xanax cheap no prescription
xanax sales online Xanax Where To Buy what color is generic xanax
buy xanax without perscription; Order Valium Online Cheap alprazolam order now no prescription cheap valium online pharmacy 989.
ambien fedex Search Results Wholesale Mg Xanax discount generic xanax
buy brand name xanax? Tbuy Ambien Online cheapest xanax pills
ativan lorazepam buy cheap ativan online Walmart Generic Zolpidem lorazepam on line fedex!
ambien cr buy fed ex delivery Ambien Cheap Ambien Buy Ambien Online buy alprazolam from mexico
cheap generic overseas ativan 2mg Xanax Sales cheap ambien without prescription;
buy diazepam saturday delivery Phone Order Ambien Oklahoma Buy valium madre natura buy valium in tijuana 318.
ativan for sale? Buy Valium Canada cheap diazepam
xanax generic price Buy Non Genaric Ambiens order ambien from canada;
cheapest xanax no prescription Valium Overnight Shipping Cheap xanax peach pill

Posted in General | Leave a comment