Showing posts with label Stupidity. Show all posts

Friday 7 November 2014

No, I do not want to go to your spammy disco

I've seen some odd spam in the past. I've never been spammed by an Essex disco operator before:

From:     ronnie-s-dj Professional Entertainment [info@ronnie-s-dj.co.uk]
Date:     7 November 2014 06:24
Subject:     Christmas New Year 2014! Disco & Karaoke Party Time

The spamvertised domains are karaoke-dj.co.uk and ronnie-s-dj.co.uk and the same owner also operates ronwindsor.co.uk. I'll spare him the embarrassment of listing his address.

I assume that Ron bought a cheap mailing list in good faith without realising that it was worthless, and then proceeded to spam out from his BT IP of 109.154.39.151 via Outlook.com with abandon. Unfortunately, this sort of thing gets both your web hosting suspended and internet access revoked.

Hopefully Ron has a better idea of how to run a disco than how he promotes his business. But I don't fancy a trip down to Essex to find out.

Friday 24 October 2014

Do people really fall for this?

Here's a simple phishing spam..

From:     info@kythea.gr
Date:     24 October 2014 13:50
Subject:     payment

this mail is to inform you that the payment have been made
see the attached file for the payment slip

ANTON ARMAS

Attached is a file payment Slip (2).html which displays a popup alert:

You have been signed out of this account this may have happened automatically cause the attachement needs authentication. to continue using this account, you will need to sign in again. this is done to protect your account and to ensure the privacy of your information

The victim then gets sent to a phishing page, in this case at uere.bplaced.net/blasted/tozaiboeki.webmail.html which looks like this..

Ummm... do people really fall for this? The frightening answer is.. probably, yes.


Wednesday 15 October 2014

"Clean India" spam is an exercise in hypocrisy

"Clean India" is meant to be a campaign to clean up Indian politics. But one of the biggest problems they have in India is spam (which led to the long saga of Delhi minister Somnath Bharti's history of spam). So I think it is an act of sheer hypocrisy to promote this campaign through random spam.

From:     Ministry Of Urban Development [support@localcirclesemail.com]
Reply-To:     support@localcirclesemail.com
Date:     15 October 2014 11:24
Subject:     Swachh Bharat invite by Ministry Of Urban Development
Signed by:     localcirclesemail.com

Invited to Circle: Swachh Bharat
Founder: Ministry Of Urban Development
Members: 189975
Description: This circle brings together all citizens who want a Clean India. Through this circle, citizens will be able to share cleanliness initiatives, challenges, successes at a National Level as well as learn about best practices from each other. Members will also be able to give collective inputs to Ministry of Urban Development on an ongoing basis. Soon, members of this circle will have access to their local constituency circle on Swachh Bharat connecting them with fellow local residents and enabling them to organize/participate in clean up drives in their neighborhood/city. Together, let us make it a SWACHH BHARAT!


About LocalCircles
LocalCircles takes Social Media to the next level and makes it about Communities, Governance and Utility. It enables citizens to connect with communities for most aspects of urban daily life like Neighborhood, Constituency, City, Government, Causes, Interests and Needs, seek information/assistance when needed, come together for various initiatives and improve their urban daily life. LocalCircles is free for citizens and always will be! 

The spam originates from an Amazon AWS IP of 54.240.9.132, the spamvertised site localcircles.com is also hosted on Amazon AWS. The registration details are:

Registry Registrant ID:
Registrant Name: LocalCircles India
Registrant Organization: LocalCircles India Pvt Ltd
Registrant Street: 1105, 11th Floor,
Registrant Street: Advant Navis Business Park, Sector 142
Registrant City: Noida
Registrant State/Province: Uttar Pradesh
Registrant Postal Code: 201301
Registrant Country: India
Registrant Phone: +91.1204263558
Registrant Phone Ext:
Registrant Fax:
Registrant Fax Ext:
Registrant Email: info@localcircles.com


Google sums up localcircles.com's poor reputation nicely: We've found that lots of messages from localcirclesemail.com are spam.

As long as India tolerates spam and other dishonest business practices then I don't think that there's much chance of them cleaning up their act. I think whoever is sending out this spam needs to look much closer to home before criticising others.


Thursday 2 October 2014

Sky doesn't understand "opting out" of marketing emails

When I opt out of marketing emails, I expect to stay opted out. This kind of crap sent from Sky really gets my goat.

Are you making the most of your Sky TV?
We’re checking our records and can see that you’re not currently opted in to get offers by email, so there are bound to be things you’re not hearing about, like:
-  exclusive money-saving offers on fantastic Sky products and services
-  the chance to trial our most popular products and services totally free
We’ll also donate £2 to Sky Rainforest Rescue, our partnership with WWF, for every customer that opts in – up to £10,000. Sky Rainforest Rescue is helping to save 1 billion trees in the Amazon. So you’ll be making a real difference to the rainforest, which is home to an astonishing one in 10 of all the wild species on Earth.
It only takes a minute, so opt in today and get more out of being a Sky customer.

Sky seem aghast that I'm not interested in a stream of marketing emails for products which I am probably not interested in. Which is why I opted out of having them. I don't want to be nagged about opting out - that's not honouring the opt out is it? In other words.. this is spam.

Just in case Sky ever ends up reading it, I will put it in terms that you might understand..






Sunday 28 September 2014

This is why I don't use Network Solutions

I recently acquired a domain name which ended up being registered at Network Solutions, not my usual registrar.. so I then wanted to move that domain from NetSol to my main domain account. Now, to do this you need an authorisation code to transfer out.. which I duly requested.

So after a few days of waiting, I get the following email from Network Solutions.


Let's look more closely at that authorization code. Yeah, normally that's the sort of thing that you should never share.. but:

The authorisation code is frigging blank. This is meant to be an automated process.. how can it be blank? Or has someone intervened manually?

Oh wait, I didn't read this line in the email:
If you are planning to transfer your domain to another registrar, we would like to do whatever it takes to keep your business - please let us know how we can improve our service to you.
Presumably this is a way of doing whatever it takes. I did even drill down into the HTML source to make sure it wasn't my mail client screwing up. It seems that I'm not the only person who has had problems transferring their domain out according to this story.

UPDATE 2014-10-03:  I raised a ticket which was acknowledged.. and then ignored completely. NetSol are breaking ICANN regulations by not providing the authorisation code in a timely manner.

UPDATE 2014-10-09:  After several support tickets and chasing through Twitter I finally got the transfer code.. after two weeks! This clearly breaches the specified five calendar days to do the job.

Just a (hopefully) final note. If you do find that a registrar is being deliberately obstructive about the transfer (or they transferred a domain without your permission) you can make a complaint to ICANN here.

Monday 23 June 2014

Obama sends me an important message about surveillance

Obama sends me an important message about surveillance. No, really. But perhaps not the Obama you are thinking of.

Date:      Mon, 23 Jun 2014 23:36:02 +0800 [11:36:02 EDT]
From:      CCTV Surveillance [mail@globalsourcescctv.com]
Reply-To:      mail@globalsourcescctv.com
Subject:      [IMPORTANT] Surveillance

Hi,
Good day

We would like to take this opportunity to introduce our company.
WEISKYTECH founded in 2006.
Export 90% products to developed countries in North America and Europe,
established close business relationship with many famous security companies around the world.

Our Products Line
| CCTV camera. (IP CAMERA.HD-CVI CAMERA.ANALOG CMOS/CCD.)
| NVTKITs. DVRKITs.CVRKITs. (4CH,8CH,16CH)
| POE SWITCH (4.8.16.24CH POE SWITCH. 15W.25W POE MODULE).
| NVR.CVR.DVR

We want to give to you GOOD - CHEAP - FAST Surveillance products.
Obama here, looking for your reply needs and questions.

Reply me & quality products can be stand your inspection!

Best Regards,

Mr Obama,

There's no website, so this spam is soliciting replies via email, which means globalsourcescctv.com must be valid for receiving mail (indeed, the MXes are mxbiz1.qq.com and mxbiz2.qq.com). Let's have a look at those WHOIS details then..

Registry Registrant ID: 1821794
Registrant Name: WILSON
Registrant Organization: Obama
Registrant Street: LONGHUA
Registrant City: shenzhen
Registrant State/Province: Guangdong
Registrant Postal Code: 518000   
Registrant Country: China
Registrant Phone: +86.75536956066                        
Registrant Phone Ext:
Registrant Fax: +86.75536956066                        
Registrant Fax Ext:
Registrant Email: 595642135@qq.com                       
Registry Admin ID: 1821795


Wow.. Obama again. Must be legit. Or perhaps not..

Tuesday 17 June 2014

Personal misfortune is not an excuse for spam

"Mark" is having a hard time. Left with huge bills after being treated for prostate cancer, he feels let down by his employer at the time who did not cover the treatment with their health insurance.

How do I know this? He spammed me to tell me about it. Several times.

From:     Mark ******* [me@mail.*****]
Date:     17 June 2014 07:25
Subject:     Please donate to help support my recovery from Localised Prostate Cancer

Hi
        please consider donating to help fund my financial recovery since I was treated for Localised Prostate Cancer.

Regards,

Mark *******

        © Mark ******* , All Rights Reserved.
                http://******* .net/
                        or
                http://******* .like.to/
                        or
                http://******* .like.to/

A web form is attached soliciting funds:


Because "Mark" has suffered enough, I am withholding his full name. I did the due diligence and checked that the originating IP links back to a mailserver on his own domain, so this isn't a Joe Job.

But personal misfortune is not an excuse to spam, and in this case "Mark" sent the spam to some randomly generated recipients that don't actually exist. That sort of thing is very bad practice, and if you are trying to get donations sent to a PayPal account then it is a good way to get your account frozen.

Wednesday 21 May 2014

PrimeAspire (primeaspire.com) spam

UPDATE: PrimeAspire have responded to this post, scroll down to the bottom.

Startup or no startup, sending spam to a spamtrap is not a good way to drum up business..

From:     Team@primeaspire.com
To:     donotemail@wearespammers.com
Date:     20 May 2014 13:32
Subject:     PrimeAspire - The Freelance Platform

Hello,

Following our recent launch we'd like to invite you to PrimeAspire where you can post any task and securely get skilled people to complete specific freelance tasks.

The platform is completely free and used by talented people looking for freelance projects.

Learn more

Thanks,

The PrimeAspire team

Please consider the environment before printing this email.  Thank you.

Prime Aspire is a freelance marketplace. This message, its contents and any attachments are private, confidential and may contain information that is subject to copyright. You may not disclose, use or disseminate all or part of this message without our prior written consent. If you are not the intended recipient, please notify us immediately by replying to this message and then delete it from your system. Whilst we take reasonable precautions to prevent computer viruses, we cannot accept responsibility for viruses transmitted to your computer and it is your responsibility to make all necessary checks. We may monitor email traffic data and the content of emails to ensure efficient operation of our business, for security, for staff training and for other administrative purposes.

This email was sent from Prime Aspire Limited (Registered number: 7850209). Prime Aspire Limited is registered in England and Wales. Registered address: SUITE 34, New House, 67-68 Hatton Garden, London EC1N 8JY United Kingdom. For further information, please click www.primeaspire.com

To unsubscribe please reply with the word "Unsubscribe".

But (and just as a warning, I'm going to get sweary here) wait a fucking minute.. "This message, its contents and any attachments are private, confidential and may contain information that is subject to copyright. You may not disclose, use or disseminate all or part of this message without our prior written consent." You fucking spammed me with this. I will do with it what I fucking well please.

CEO of PrimeAspire is one Chris Adiolé. PrimeAspire (strictly speaking it is Prime Aspire Ltd) is a real company (07850209 in the UK), and Mr Adiolé even has his name on the domain WHOIS details rather than hiding behind a proxy service.

Registrant Name: Christopher Adiole
Registrant Organization:
Registrant Street: 67-68 Hatton Garden
Registrant City: London
Registrant State/Province: KKD
Registrant Postal Code: EC1N 8JY
Registrant Country: GB
Registrant Phone: +44.20700000000
Registrant Phone Ext:
Registrant Fax:
Registrant Fax Ext:
Registrant Email: info@primeaspire.com


Originating IP is 79.170.44.6 which is Heart Internet in the UK. The primeaspire.com domain is hosted with the same firm on 79.170.40.239.

So, let's assume that this is a real proposition and not some sort of scam. Fair enough. Promoting your startup through spam is always a very bad move, but adding meaningless legalese crap to it is really going to piss people off..

UPDATE: many Kudos points to Chris Adiolé for addressing the issue and apologising. So perhaps they're not such a bad bunch after all :)

Hi,

I note you recently published an article on your blog with regards to a promotional email you received from PrimeAspire.

We are a small startup and after our launch in February we worked with a marketing agency who supplied us with email addresses, claiming to be addresses of people that opted to receive emails about freelancing and related services. Unfortunately, we took their words at face value and failed to check the email addresses before sending out the emails.

On behalf of PrimeAspire, I sincerely apologise for the inconvenience. We are an honest startup working hard on our product and have no intention to send spam emails or use sinister marketing procedures to promote our product.

Thanks,

UPDATE 2: but now PrimeAspire are likely to lose their Kudos point due to this rather rude message from some Indian SEO guy..

From:     Tutu Kumar [tutukumarseosolutions@gmail.com]
Date:     25 June 2014 09:16
Subject:     Remove the blog of "PrimeAspire (primeaspire.com) spam"

Hello Dynamoo.com Team,

I'm Tutu Kumar from india, also a SEO Expert. Now i'm working SEO for  Primeaspire.com. And i saw google search pages our blog title
PrimeAspire (primeaspire.com) spam.
 This blog title is bad effect for our website but content is good.
Kindly remove the blog of your website.


Thank You
Tutu Kumar

Funnily enough, I don't feel inclined to do that. PrimeAspire sent me a spam.. that happened, and Chris Adiolé apologised which I think shows a great deal of integrity. Perhaps Mr Kumar needs to generate some positive press instead rather than concentrating on my little blog.

Friday 9 May 2014

Dr. Annette Bosworth is a moron spammer

I'm not very interested in US politics, and I certainly don't live there. So why is this moron spammer trying to get me to vote for her?

From:     Anette Bosworth [anette.bosworth@bosworthcampaign.com]
Reply-To:     anette.bosworth@bosworthcampaign.com
Date:     9 May 2014 15:27
Subject:     Not Cool, Guys
Signed by:     bosworthcampaign.com

Honestly, who acts like this? 

This is my first run for political office.  I am a doctor, not a career politician, but I just couldn’t sit on the sidelines and watch what is happening to our great nation any longer.

I have always stood up for what I believe in.  The first time I stood up to a bully I was 7 years old.

Today, the biggest bully I see is the federal government.  I grew up on a working farm in Plankinton, South Dakota.  I am a doctor who works with the elderly and the poor.  The clinic I own is a small business.  In every area of work and life, there is just too much government interference.

Being a doctor, I understand how unfair and harmful Obamacare really is -- and I have vowed to repeal every single word of it.  I also pledge to cut taxes, defend the second amendment, and to protect the unborn.

Washington, D.C. insiders don’t want to see people like you and me change their way of doing business.

Change is possible, but it takes effort from all of us.

I am fighting for that change against an establishment insider with millions of dollars, much of it PAC money from special interest groups.

My opponent has so much PAC money, he can afford to be wasteful – and he is.  Just this week, he produced a slick advertisement for TV that didn’t even feature voters from the state of South Dakota.  And when he was caught, he didn’t even apologize -- he just threw the advertisement away.

That’s not how I do things.

I am a fiscal conservative.  I promise that if you donate now, your hard earned donation will be used in a responsible way to fight big government and wasteful spending.  I need your help to get there. Will you join me?

Absentee ballots in South Dakota are mailed out this month and that’s when voting begins – will you chip in $5 or more today?

The donation you make today will help us get our message to voters.

Thanks,
Dr. Annette Bosworth

To unsubscribe please click here
   

Dr. Annette Bosworth
2601 S. Minnesota Ave, Suite 105-129, Sioux Falls, SD, 57105

Paid for by Dr. Annette Bosworth for U.S. Senate

Contributions to Bosworth for US Senate are not tax deductible

It seems that she's a Doctor of some sort, but she opposes affordable healthcare. As a European we are constantly amazed and horrified at the way US healthcare professionals just let people die when the money runs out of their insurance policy.. if they have an insurance policy. Until Obama forced changes to the US healthcare system through it was 100 years behind that in Europe. Now it is only 80 years or so behind. Progress I guess.

Also, Annette Bosworth (or whatever idiot is spamming on her behalf) is attempting to solicit funds through fundly.com which violates their terms of service. Luckily she hasn't been able to recruit many other morons to her cause and has only raised $1,150 out of a target of $750,000.

Well, since this is an abuse of the Fundly terms of service, then getting it shut down and losing the funds could be a bit of a laugh.

The spam originates from two18.2bits.co (63.143.38.243) and spamvertises a site at marketer.2bits.co (63.143.38.226). Both these IPs are allocated to Limestone Networks in the US, but are suballocated to a customer called Joseph (Joey) Burzynski of ResistedNormalcy LLC and/or MarketKar.ma in Dallas. The email is digitally signed for the domain bosworthcampaign.com which has hidden WHOIS details.

Of course, this could be a subtle Joe Job intended to frame Annette Bosworth and make her look like a moron. But according to Joey Burzynski's own Facebook page at www.facebook.com/resistednormalcy/likes he "likes" Annette Bosworth. And tattoos. A lot.

There are plenty of other indicators online that Dr Bosworth has employed the promotional "talents" of Mr Burzynski.

I'm not the only one that thinks that this is spammy either, because Gmail says..


Presumably Annette Bosworth thinks that her point of view is so important that she can spam it out to people at random, regardless of where they live. I personally think she is a moron spammer and hope that the electors of South Dakota treat her accordingly.

UPDATE 12 May 2014: According to US law..
Contributions and donations may not be solicited, accepted, or received from, or made directly or indirectly by, foreign nationals who do not have permanent residence in the United States (i.e., those without green cards). This prohibition encompasses all US elections; including federal, state and local elections. 11 CFR 110.20(b).

So it would be prohibited for Dr Bosworth's campaign to accept a donation from me as I live in the UK and have never even visited the US.

So it's probably a bad move that they accepted my ten bucks.

 There's a lively discussion about this over at the Madville Times.

UPDATE 13 May 2014: it has been said that Americans don't get irony. When I made my illegal $10 contribution to Annette Bosworth's campaign, I added the comment "Ten Bucks Well Spent!" because I knew that accepting the money from a foreign donor would have some entertaining repercussions.

What I didn't expect was that not only would the donation be accepted, but that Dr Bosworth would also quote me on her Facebook page..


I like the comment "GOOD AMERICAN;;" (even with the spurious semicolons. Perhaps Americans don't understand semicolons either. I'm not sure I do) because of course I am British. And if Dr Bosworth's supporters knew my political leanings then they would assume I was the Spawn of Satan.

Interestingly, this means that they not only accepted the donation but someone took the time to review it.. surely then they should have spotted that I was not in the US.

Ten bucks well spent indeed!

And for those asking.. here is the receipt:

UPDATE 5 June 2014: Annette Bosworth has been arrested on charges of perjury.

Monday 28 April 2014

Message From The QUEEN!!!

Wow.. a Message From The QUEEN!!!

From:     Victoria Leopold [abuse@nospam.com]
Reply-To:     leopold.victoria@yahoo.co.uk
Date:     28 April 2014 14:35
Subject:     Message From The QUEEN!!!


Best Regards
Leopold Victoria (Queen).

Queen Elizabeth House
3 Mansfield Road
Oxford OX1 3TB

Strangely, I thought that the Queen was Elizabeth Windsor who lived in Buckingham Palace, London. But perhaps I am wrong. It looks like Queen Leopold has fallen on hard times and is having to use a Yahoo! free email account. And isn't Leopold a man's name?

Of course, this is a scam. Originating IP is 81.149.158.33 (BT, UK) via gwkent.com (69.198.120.156). Avoid.

Friday 21 March 2014

"CSR EXCELLENCE AWARD 2014" / csrawards.co.uk spam

Rule one of good customer service.. don't spam people like these jokers do:

From:     Green Organisation greenorganisation@rkwmail.co.uk
Date:     21 March 2014 07:02
Subject:     AO Corporate Social Responsibility Manager,

Is yours a company that cares?

     Do you help colleagues to reach their full potential?
     Are you a good neighbour in your local community?
     Do you show loyalty to your suppliers and customers?
    Are you reducing your negative impact on the environment?
    Do you support good causes and goodwill initiatives?

If you can answer YES to any of these questions,
you could win an

INTERNATIONAL CSR EXCELLENCE AWARD 2014

THIS is the perfect time to get the recognition you deserve for your Corporate Social Responsibility initiatives. NOW is the time to submit your free entry for an

INTERNATIONAL CSR EXCELLENCE AWARD

CLOSING DATE FOR FREE ENTRIES – MARCH 31

The CSR Excellence Awards are presented to companies that have a heart -

caring companies that use their privileged position to help their colleagues, communities, customers, suppliers, the environment and the less fortunate.

Caring companies can be a realistic force for good and change-for-the-better, and we want to recognise and reward their efforts with the CSR Excellence Awards

        Every company is entitled to a free entry

        All winners will be invited to the glittering presentation ceremony at The Crystal, Royal Victoria Docks, London

        The closing date for free entries is March 31, 2014

    We will plant a tree for every entry received.

There are THREE chances of success for each entry, as we will be presenting Gold, Silver and Bronze awards in every category – plus an overall winner.

If you are a company that cares, send your entry NOW!

    You can enter
        online at www.csrawards.co.uk
        by email to rich@eco-brand.co.uk
        or by post to

CSR Awards, Ecobrand, 97 Cock Lane, High Wycombe, Bucks HP13 7DZ

Responsible businesses can make an enormous difference to the quality of life and prospects of everyone touched by their corporate activities.

Show you care! Win a CSR Excellence Award!

Good luck with your entry.
Richard Collins
Campaign Organiser

I particularly like the address of 97 Cock Lane. Nuff said.

Wednesday 29 January 2014

The Green Organisation (thegreenorganisation.info) spam

Perhaps The Green Organisation (thegreenorganisation.info) has good intentions, but sending out unsolicited bulk email is just going to get them regarded as The Spam Organisation.

From:     Green Organisation greenorganisation@rkwmail.co.uk
Date:     29 January 2014 02:43
Subject:     FAO: The Chief Executive and anyone involved with the built environment


FREE ENTRIES FOR BUILT ENVIRONMENT AWARDS

You can submit a free entry in the Green Apple Built Environment and Architectural Heritage Awards, as long as it arrives by February 28.

The top prize is a holiday for two in the world’s greenest resort – AquaCity in the High Tatras mountains of Slovakia.
There are three chances to win in each category, with Gold, Silver and Bronze trophies for the top three.
You also have the chance to represent your country in the European Business Awards for the Environment, as the Green Apple Awards is one of the few UK campaigns accepted as an official feeder scheme into the Brussels-led initiative.

If any of your building/construction projects helps the environment in any way, you are invited to submit an entry.

Every company or council is entitled to a free entry and all winners receive invitations for the glittering presentation ceremony at the Crystal, London in June, with food and drink included.

You can win…

  • A prestigious trophy and certificate
  • A holiday for two in the world’s greenest resort
  • International recognition
  • Qualification into Europe
  • Massive publicity
  • And we will plant a tree on behalf of each company submitting an entry.

And all free of charge!

The Green Apple Awards for the Built Environment 2014
 You can enter online, by email or by post and you will find more information at www.thegreenorganisation.info or you can phone 01604 810507.
CLOSING DATE FEBRUARY 28, 2014

It’s free – and easy!
The Green Organisation, The Mill House, Mill Lane, Earls Barton, Northampton NN6 0NR.
Unsubscribe

The email originates from 81.168.114.179 which resolves as rkwmail.co.uk (hosted by Eclipse Internet in the UK). The WHOIS details for that domain are:

Domain name:
        rkwmail.co.uk

    Registrant:
        Roger Wolens

    Registrant type:
        UK Individual

    Registrant's address:
        Mill House
        Earls Barton
        Northamptonshire
        NN6 0NR
        United Kingdom


When we look at the spamvertised domain thegreenorganisation.info we see some broadly similar details:

Registrant ID:DI_9170956
Registrant Name:Domain Contact (103845)
Registrant Organization:The Green Organisation
Registrant Street1:The Mill Barn, Mill Lane
Registrant Street2:
Registrant Street3:
Registrant City:Earls Barton
Registrant State/Province:Northants
Registrant Postal Code:NN6 0NR
Registrant Country:GB
Registrant Phone:+44.1604810507
Registrant Phone Ext.:
Registrant FAX:
Registrant FAX Ext.:
Registrant Email:rogerwolens@btconnect.com


So whois is Roger Wolens? Well, he appears to be the owner of The Green Organisation. So the next thing I wondered is.. exactly what is The Green Organisation? They answer this question on their own website:
THE GREEN ORGANISATION  has been established since 1994 as an international, independent, non-profit, non-political, non-activist environment group, dedicated to recognising, rewarding and promoting environmental best practice around the world.
Note that The Green Organisation is not a charity but a business. We can look that up on DueDil to see what it thinks:


OK, that seems to look like a non-profit to me. In fact a hunt around their website shows nothing suspect or untoward, although if it is really the hugely successful enterprise that it claims to be then I wonder why it is promoting itself through spam.

Wednesday 22 January 2014

Password hand-wringing misses the point

Recently doing the rounds of news outlets is a list compiled by SplashData of weak passwords found in data breaches in 2013. There's nothing wrong with this list, but as ever, the media completely miss the point.

SplashData's list is as follows:


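| Rank | Password | Change from 2012 |
|------|----------|------------------|
| 1 | 123456 | Up 1 |
| 2 | password | Down 1 |
| 3 | 12345678 | Unchanged |
| 4 | qwerty | Up 1 |
| 5 | abc123 | Down 1 |
| 6 | 123456789 | New |
| 7 | 111111 | Up 2 |
| 8 | 1234567 | Up 5 |
| 9 | iloveyou | Up 2 |
| 10 | adobe123 | New |
| 11 | 123123 | Up 5 |
| 12 | admin | New |
| 13 | 1234567890 | New |
| 14 | letmein | Down 7 |
| 15 | photoshop | New |
| 16 | 1234 | New |
| 17 | monkey | Down 11 |
| 18 | shadow | Unchanged |
| 19 | sunshine | Down 5 |
| 20 | 12345 | New |
| 21 | password1 | Up 4 |
| 22 | princess | New |
| 23 | azerty | New |
| 24 | trustno1 | Down 12 |
| 25 | 000000 | New |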


The presence of "adobe123" and "photoshop" as passwords shows the influence of the Adobe data breach on the list. Back in 2010 when Gawker was breached, one of the popular passwords was.. you guessed it.. "gawker".

The media has a habit of picking up the wrong point.. they look at a password of "123456" and ask how can anyone be so stupid to use it? But my somewhat NSFW response is what the fuck does it matter?

Almost everything these days requires registration for which you need to supply an email address and password, and often for trivial things. One of the reasons that gawker featured so highly in the Gawker breach was that to the vast majority of users it matters not one jot if someone hacks into their account. The same is true for a lot of Adobe users.. in most cases the accounts are of absolutely no value to an attacker, so it really doesn't matter if you have adobe123 as a password or not.

So, the media (or at least some of it) says that you should choose a secure password such as fJ4C62GY0I8C15D but their advice is misleading because the real problem is password re-use and not the security of the password per se.

Despite the obvious security problems in doing so, many sites store passwords in plain text or in an insufficiently encrypted format. In these cases, it doesn't matter how secure your password is because the attackers will just be able to read it. Even in cases where the password is encrypted, with enough time and/or rainbow tables the password can often be determined, even if it is a complex one.

And if you have re-used that email address and password on other sites.. well, you're buggered basically.
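
To make the storage and re-use point concrete, here is an added Python illustration (not part of the original post). The accounts, the two sites and the PBKDF2 work factor are constructed assumptions; the common passwords come from the SplashData list above. It shows a precomputed table reading unsalted hashes from one breached site, and the same email and password then opening an account on a second site that stores passwords properly.

```python
import hashlib
import hmac
import os

# Entries copied from the SplashData list above; everything else is constructed.
COMMON_PASSWORDS = ["123456", "password", "12345678", "qwerty", "abc123",
                    "adobe123", "letmein", "trustno1"]
PBKDF2_ITERATIONS = 200_000  # illustrative work factor, assumed for this example


def unsalted_sha1(password):
    """Weak storage: the same password always produces the same hash."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest()


def pbkdf2_record(password, salt=None):
    """Stronger storage: random per-user salt plus a slow key-derivation function."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                 salt, PBKDF2_ITERATIONS)
    return salt, digest


def pbkdf2_verify(password, record):
    """Recompute with the stored salt and compare in constant time."""
    salt, expected = record
    _, candidate = pbkdf2_record(password, salt)
    return hmac.compare_digest(candidate, expected)


def build_lookup_table(words):
    """Precomputed hash -> password map, the simplest form of a table lookup."""
    return {unsalted_sha1(w): w for w in words}


def recover_with_table(leaked, table):
    """Return {email: password} for every leaked unsalted hash found in the table."""
    return {email: table[h] for email, h in leaked.items() if h in table}


def exposed_by_reuse(recovered, other_site):
    """Emails whose recovered password also opens their account on another site."""
    return sorted(email for email, pw in recovered.items()
                  if email in other_site and pbkdf2_verify(pw, other_site[email]))


# Constructed accounts. "fJ4C62GY0I8C15D" is the strong password quoted in the post.
SITE_A_PASSWORDS = {
    "alice@example.com": "adobe123",
    "bob@example.com": "fJ4C62GY0I8C15D",
    "carol@example.com": "adobe123",
}
# Site A stores unsalted SHA-1; this dictionary is what a breach would expose.
SITE_A_LEAK = {e: unsalted_sha1(p) for e, p in SITE_A_PASSWORDS.items()}

# Site B stores salted PBKDF2. Alice re-used her password there; Carol did not.
SITE_B = {
    "alice@example.com": pbkdf2_record("adobe123"),
    "carol@example.com": pbkdf2_record("Xq7-unique-to-site-b"),
}


def demo():
    table = build_lookup_table(COMMON_PASSWORDS)
    recovered = recover_with_table(SITE_A_LEAK, table)
    return recovered, exposed_by_reuse(recovered, SITE_B)


if __name__ == "__main__":
    recovered, exposed = demo()
    # Identical unsalted hashes reveal shared passwords before anything is looked up.
    print("alice and carol share a hash:",
          SITE_A_LEAK["alice@example.com"] == SITE_A_LEAK["carol@example.com"])
    print("read straight from the table:", recovered)
    print("also exposed on site B through re-use:", exposed)
    # A salt defeats the precomputed table and hides shared passwords; it does
    # not stop someone guessing a weak password against one account at a time.
    print("two salted records for one password differ:",
          pbkdf2_record("adobe123")[1] != pbkdf2_record("adobe123")[1])
```

Bob's strong password is not in the table, but as the post says, that would not help him on a site that stored it in plain text.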

In an ideal world, you would have a nicely secure password for each site and you would remember it in your head. But of course, that's practically impossible, so one option is to use a password manager (SplashData themselves make these) to remember them all for you. There are several different password managers available, but of course there is always the possibility that one of these tools might get hacked itself which could be catastrophic for users.

If you don't want to use a password manager, then you'll have to do it the old-fashioned way, and either remember your passwords or store them in some other manner. You should always have a secure and unique password for your web mail, banking/finance, work and major shopping sites. But for all the cruft that you have to register, there's probably little harm in using a password that is easy to remember. Does it matter if the password I use for ranting at the BBC is abc123? Perhaps it doesn't.

But perhaps one problem is that there are simply too many times that you have to create an account in the first place. Sometimes it is nice to come across a retailer (for example) that will allow you to order stuff without creating a damned account.. something that seems to go against the grain, but it does mean that there's one less password to worry about..