Chip and Pin – Excuse me?

If you live in the UK or Northern Ireland, you’re probably finding that, instead of writing your signature, you are being asked to enter your PIN on a little keypad when you use your debit or credit card to make purchases.

Now, please forgive me if I’m way off the mark, but how is this supposed to increase security?  Seems to me that we have simply replaced one flawed system with another.

Flawed?  How so?  Well, in "the old days" scammers used to run your card through a magnetic strip reader and they could create "cloned" copies of your card.  The data would be written onto a fresh, blank card and they could sign the back whatever way they wanted.  The criminal would then go use your card in a store to pay for goods and the signature would be good. And you are out of pocket.

Now, they are asking you to enter your PIN.   Excellent – now they also have your PIN – how they get it, via electronic interception between the keypad and the device, over the wire, or by "shoulder surfing", doesn’t matter.  Joe Crim now has your PIN.  They also have a swipe of your card (all the shops I’ve used my card in so far with "chip & pin" have both swiped it and put it into the PIN keypad).   So, not only can they burn the magstripe onto a fresh card and use it, they can pop it into an ATM and withdraw cash directly from the account with my PIN.

Lovely, who comes up with these ideas?

Referrer spam – a possible solution?

Ok, so referrer (HTTP_REFERER) spam is really starting to get on my wick^H^H^H^H goat (does anyone say wick anymore?), so after adding the latest IP to my referrer spam blacklist firewall the following potential solution hit me.

Give the spammers what they want.  They want people to click on the links that they are spamming, so why not.   Sounds like madness? No, let me explain.

In the same way we report spam (à la SpamCop or other blacklists), have a site that you can report URLs of referer spam to.  Submissions would need to be checked by a list of moderators (perhaps in the Slashdot moderator/metamoderator style).  Once a submission has reached a certain threshold – e.g. +5 positive votes with zero negative votes – the URL is added to the database.

The latest web addresses are then published in XML format / RSS feed.

Finally, we have a tool which reads these feeds and causes a single "click" download + all images on that page.   It might cost us 10-100KB of bandwidth, but it also costs the spamvertised website.  Now have 10000 or more people using the same tool, all clicking only the most recently advertised websites within 15 minutes of their being added to the database.

You’ve got a website killer right there… sorry, I mean you’ve got a really excellent response rate for the spammer – just what they wanted.

Workable? Viable? Illegal? Does anyone really care?

New addition

I would like to announce the birth of little Lauren Gregg at 8.30am today.

Both mother and baby are doing well.

I would write more but I am posting this entry via my mobile phone.

Update:

Now I’m back at home and out of the hospital, here’s a pic or two, I’ll get more up on "her" site in the coming weeks.


Annoyances

If you are any kind of a geek, you’ll be checking your web site’s access_log on a semi-regular basis to get an idea of who is linking to you.  Call it an ego trip if you must 🙂 but, of late, it has become a little more annoying.

You see, spammers have started “referer spamming” (sic) where they spam your referRer logs with URLs that don’t really link to your site in order to get link backs, con people into visiting the URLs, or hopefully find some sites that publish their web site log stats/analysis.

I know it is tempting to believe that jennaloveshack.com or somesuch loves to link to your pages, but this really screws up the logs.  And, so I have taken to firewalling the offenders and it is proving remarkably effective.  So for your perusing pleasure, the “bad guys” list provided in PeerGuardian format (which I convert to ipfw firewall rules):


Since I added firewalling to those networks/ips, my referer log is much cleaner and my irregular ego boost can continue largely uninterrupted.
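The PeerGuardian-to-ipfw conversion mentioned above, as an added example rather than the author's own script: it parses the "label:first-last" text format and emits one FreeBSD ipfw deny rule per CIDR block, splitting ranges that are not CIDR-aligned. The sample input is constructed from documentation addresses, and the rule numbering and the "to me 80" target are assumptions.

```python
import ipaddress
from typing import Iterator, List, Tuple

# Constructed sample in the PeerGuardian "label:first-last" text format.
# Documentation-range addresses (RFC 5737), not the page's real list.
SAMPLE = """\
Linkref spammer:192.0.2.10-192.0.2.10
bot ref spam:198.51.100.0-198.51.100.255
; comment lines and blank lines are ignored

unaligned range:203.0.113.64-203.0.113.80
"""

Range = Tuple[str, ipaddress.IPv4Address, ipaddress.IPv4Address]


def parse_peerguardian(text: str) -> Iterator[Range]:
    """Yield (label, first, last) for every range line; skip blanks and comments."""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in ";#":
            continue
        # The label may itself contain ':' (e.g. a URL), so split on the last colon.
        label, sep, span = line.rpartition(":")
        first, dash, last = span.partition("-")
        if not sep or not dash:
            raise ValueError(f"malformed line: {raw!r}")
        lo = ipaddress.IPv4Address(first.strip())
        hi = ipaddress.IPv4Address(last.strip())
        if hi < lo:
            raise ValueError(f"reversed range: {raw!r}")
        yield label.strip(), lo, hi


def to_ipfw_rules(text: str, start: int = 1000, step: int = 10) -> List[str]:
    """Turn each range into ipfw deny rules on the web port, one per CIDR block.

    A range that is not CIDR-aligned becomes several blocks; the label rides
    along as an ipfw end-of-line comment so each rule stays explainable.
    """
    rules: List[str] = []
    num = start
    for label, lo, hi in parse_peerguardian(text):
        for net in ipaddress.summarize_address_range(lo, hi):
            rules.append(f"add {num} deny tcp from {net} to me 80 // {label}")
            num += step
    return rules


if __name__ == "__main__":
    print("\n".join(to_ipfw_rules(SAMPLE)))
```

Feeding the output to `ipfw -q /dev/stdin` style batch loading is left to the reader; the point is that each blocklist line becomes a rule that carries its own reason.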

Microsoft XP Retarded Edition to be launched.

Microsoft is launching a cut down version of Windows XP, as "Starter Edition".  This version will feature (or rather not feature) limited graphical capability and will only allow the user to run three programs at once.

Full story at: http://news.bbc.co.uk/1/hi/business/3554084.stm

"… in an effort to halt the rise of low-cost Linux software"
"…  it hoped the new software would also help deter consumers from buying pirated versions of its XP system"

I don’t see a XP Retarded Edition helping in either of these battles.

EasyIrony

So Stelios is launching easymobile using all the usual orange livery that all the easy* companies under Stelios’ control use.

However, now Orange (the mobile phone company) is upset at his planned use of the colour orange.

Stelios says there is no problem.

How ironic after Stelios started suing any company using the word "easy" or "easy" in their company name.

Orange Farce

This is a mini-rant. 🙁

So, I’ve got an Orange contract phone and the wife has an Orange pay-as-you-go phone, both are in my name.  Tried calling her, except the stupid Orange network has assumed that since she didn’t answer one call and it dropped to voicemail, then all future calls should immediately go to voicemail.  Her phone doesn’t even ring.

I figure this will reset if she calls to collect her voicemail – except neither she nor I know how to do this.  Personally I detest mobile voicemails and the first thing I do on my phone is permanently have it removed.   Thus the solution is to do the same to her phone.

No problem you might think.  Both phones are in my name, I’ll just call up Orange and they’ll sort it.  Not on your nelly mate.

Orange contract customer service don’t help with PAYG phones and the (very helpful) guy told me I would have to call 07973100451.   “Ok, thanks for your help”, I replied and proceeded to call the supplied number.

So, I call the number and immediately the standard Orange female recorded message informs me “This number is permanently barred”.   Excuse me?   I call customer service to clarify.  Turns out you have to call from a land line.

So not only will Orange contract not help with Orange PAYG, Orange contract actually block you from phoning Orange PAYG.  Perhaps they are afraid of people moving from contract to PAYG.  What a stupid, stupid setup.

Google AdSense and making money from your web site.

I was talking to Hendrix in EfNet #php a couple of weeks ago about his site http://www.phpriot.com and his use of the Ads by Google.  I wondered if it actually made him any money.

Now Hendrix’s site is pretty new and still ‘in development’ but it’s pretty decent already.  I’ll not say how much he was getting, but I thought it was worth a punt.

I joined 2 weeks ago and have the ads displayed on pages in my Projects area and, quite frankly, I’m astonished by the results.

The way it works (as I figure) is that you put some JavaScript on the pages you want the adverts on and, since Google has indexed those pages, it knows which relevant adverts to send.  I get mixed results, but on the whole they aren’t bad (though my system "utilities" page attracts adverts for electricity utility companies!).

Companies pay google on a per-click basis to get these ads onto websites such as mine and google gives me a cut.  That "cut" appears to be quite the movable feast from as low as $0.02 per click to unbelievable highs of $1.60 per click.  What spurred me into writing this article was that for the last two days I earned $17 and $20 respectively. Not bad at all.

So, my question to the world is: do you use Google’s AdSense? And if so, do you feel it is worth it?  Please vote in the poll.

IRC and l4m3 asshats

This evening, whilst lurking in #php (efnet), a guy by the handle ITman decided to spam the channel with an advert to join his channel to pay him for consulting.

Ordinarily such events come and go, but this one was quite wonderful.

Read and weep.

ITman (~n@h166n3c1o1002.bredband.skanova.com) has joined channel #php
<ITman> Anyone need help join #Consulting, only $5 per question
<ajnewbold> ITman ok there buddy
*+* Mode change "-o+b ITman *!*n@*.bredband.skanova.com" on channel #php by Qube
ITman has been kicked off channel #php by Qube (game over, man.  game over.)

And that was that, until:

<ajnewbold> #consulting just got pwned
* Can’t join #consulting: channel is invite-only
<ajnewbold> I own #consulting 🙂
<ajnewbold> Who wants ops?
<ajnewbold> hahahaaha
* ajnewbold feels 13 again
<Qube> invite
* You have joined channel #Consulting
* Topic for #Consulting: ^B#Consulting^O | Professional IRC and computer consulting | $5 per question | www.paypal.com
* Topic for #Consulting set by ITman!~n@h166n3c1o1002.bredband.skanova.com on Fri Jul  9 23:00:09 2004
* Users on #Consulting: Qube @huang-ti Rainmaker Trials MamaTried niklas Avi
babe coldshado @ITguy Averell ITman
*** #Consulting : created Fri Jul  9 22:59:58 2004
<niklas:#php> ajnewbold: having fun? 😉
<ajnewbold:#php> the guy was a turd
<ajnewbold:#php> he kept on advertising in all these channels
<ajnewbold:#php> then he oped me
<ajnewbold:#php> idiot

Knowing he’d lost this challenge:
<ITman> Anyone need help join #Consulting2, only $10 per question
<Avibabe> Oh my.
<Avibabe> TEN BUCKS!
<Avibabe> 😀
<Trials> one of those moments that gets put on a site and ppl read and think pahh, thats just stupid
* huang-ti has changed the topic on channel #Consulting to "Free consulting for one and all!"
* Mode change "+o Qube" on channel #Consulting by ajnewbold
<Avibabe> 😀
<Qube> must be because #consulting2 is worth twice as much as #consulting
<ajnewbold> hahaha
<Avibabe> 😀
<ajnewbold> join #consulting2
<Qube> DoNotTauntTheHappyFunAjnewbold
<ajnewbold> god
<ajnewbold> it’s been 10 years since my last channel takeover
<ajnewbold> mind you, I do think that taking over a channel is highly immature
<ITman> I concur
<ajnewbold> but in this case it felt justifiable
<ajnewbold> the guy was a turd
<Qube> he’ll not spam #php again
* ITman has been kicked off channel #Consulting by ajnewbold (ITman)
<niklas> he will not, i but a ban in place
<ajnewbold> I forgot he was here
<Qube> niklas++
<niklas> now do we really want to stick around as it will look like we did the spamming?

<CyrixBorg> god he was annoying
<CyrixBorg> what happened with him?
<ajnewbold> CyrixBorg, he was relieved of duty
<CyrixBorg> did he op you and you kicked him? hehe
<CyrixBorg> yah
<ajnewbold> yeah, hehe
<ajnewbold> I’m an ass
<CyrixBorg> he was annoying in our channnels
<ajnewbold> he set up shop in #consulting2
<ajnewbold> I should have joined it before I took this over

<ajnewbold> he’s soliciting help in #consulting2
* You have joined channel #Consulting2
* Topic for #Consulting2: State your question, only $10 (www.paypal.com)
* Topic for #Consulting2 set by ITman!~n@h166n3c1o1002.bredband.skanova.com on Fri Jul  9 23:15:59 2004
* Users on #Consulting2: Qube ajnewbold Avibabe sinnedFBI MaggieL Trials Averell gripe @ITman

I then joined channels #Consulting3 .. 22, then we saw:
* You have joined channel #Consulting22
* Mode change "+nt" on channel #Consulting22 by efnet.xs4all.nl
* Users on #Consulting22: @Qube
<ITman:#Consulting2> Join #Consulting23 for professional consulting, come and ask your question, only 99 cents a piece
* Mode for channel #consulting22 is "+tn"
*** #Consulting22 : created Fri Jul  9 23:35:00 2004
* You have joined channel #consulting23
* Users on #consulting23: Qube @ITman
<MaggieL:#consulting4> Too late

* ITman (~n@h166n3c1o1002.bredband.skanova.com) has joined channel #consulting3
<ITman:#consulting3> Join #Consulting23 for professional consulting, come and ask your question, only 99 cents a piece
[etc, etc, for all the channels]

* ITgal (ajnewbold@likes.to.jiggle.her.h00ters.biz) has joined channel #consulting23
<ajnewbold> qube, you didn’t go up high enough man
* ITgal is horny
<Qube> i know
* Qube rubs itgal
* ITgal loves it
* Mode change "+o ITgal" on channel #consulting23 by ITman
* Mode change "-o ITgal" on channel #consulting23 by ITman
<ITman> oops
<ajnewbold> oh you fucking idiot
<ajnewbold> haha
* ITgal wants the ops, makes her wet
* Mode change "+o ajnewbold" on channel #consulting23 by ITman
* Mode change "-o ajnewbold" on channel #consulting23 by ITman
<ITman> oops
<ajnewbold> JOIN #CONSULTING99 FOR QUALITY CONSULTING!
<ITman> I gott alearn mirc lol
<ajnewbold> itman, you got a lot to learn
<Qube> aw, i didn’t gett oped and you all did
* Mode change "+o Qube" on channel #consulting23 by ITman
* ITman has been kicked off channel #consulting23 by Qube (Qube)
<Qube> hooray
<Trials> ROFL
<Trials> ah ya bitch
* ITman (~n@h166n3c1o1002.bredband.skanova.com) has joined channel #consulting23
<ajnewbold> wtf?
<ajnewbold> oh my god
<ITman> Join #Consulting24 for professional consulting, come and ask your question, only 99 cents a piece
<ajnewbold> that ROCKS!
<Qube> rotfl
<ajnewbold> Qube, I can’t believe that happened!
<Phlip-> hehehe

We later had an oper gline him when we got bored.

ok.txt

Hi Paul:

Thanks for your post on /.

Okay, so perhaps you can explain in more detail how ok.txt lets a site check for open proxies?

You can always email me the answer (or a link) or just email me to let me know the answer’s been posted here, or post on /. (it’s all good).

Thanks

Tom