Showing posts with label Stupidity. Show all posts

Friday 27 December 2013

Odd "Wire transfer to your account" spam

Almost all spam tends to be some sort of scam or some sort of malware. I can't quite figure this one out though.

From:     Andrew Chukwu [andrewchukw@gmail.com]
Date:     27 December 2013 13:24
Subject:     Wire transfer to your account

Please review and follow the instruction to get your payment slip,
please get back to us as soon as you get it

Best of Luck
I know better than to open unsolicited .DOC files, so I put it through VirusTotal.. and it came out clean. Joe Sandbox, Malwr, and Malware Tracker all report it as clean too. In fact, the only thing it seems to contain is the following string:
file:///C:/DOCUME~1/AGV/LOCALS~1/Temp/New%20Invoice.htm
The metadata says:

Os: Windows
Version 5.1
Code page: 1252
Author: AGV
Template: Normal
Last Saved By: AGV
Revision Number: 1
Name of Creating Application: Microsoft Office Word
Total Editing Time: 01:00
Create Time/Date: Thu Dec 26 10:15:00 2013
Last Saved Time/Date: Thu Dec 26 10:16:00 2013
Number of Pages: 1
Number of Words: 8
Number of Characters: 48
Security: 0

The email originates from a Gmail IP address, and given the Nigerian-sounding name it could simply be a scam email gone wrong, but I would strongly advise you not to open it in any case, just in case it is something far more malicious.
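The triage described above can be scripted without opening the attachment in Word. This is an added example, not part of the original post: it pulls ASCII and UTF-16LE strings out of the raw bytes, extracts `file:///` references, and cross-checks the Windows profile name in the path against the metadata quoted above. `SAMPLE_DOC` is a constructed stand-in for the real file, and all function names are illustrative.

```python
import re
from datetime import datetime
from urllib.parse import unquote, urlparse

# Printable runs stored as single bytes, or as UTF-16LE (how Word stores most text).
ASCII_RUN = re.compile(rb"[\x20-\x7e]{6,}")
UTF16_RUN = re.compile(rb"(?:[\x20-\x7e]\x00){6,}")
FILE_URI = re.compile(r"file:///[^\s\"'<>]+", re.IGNORECASE)
# Windows XP-era profile path, long form or 8.3 short form (DOCUME~1).
PROFILE = re.compile(
    r"^[A-Za-z]:/(?:Documents and Settings|DOCUME~\d)/([^/]+)/", re.IGNORECASE
)
TIME_FMT = "%a %b %d %H:%M:%S %Y"

# Constructed sample: OLE2 magic bytes, filler, the string quoted in the post
# encoded as UTF-16LE, and one ASCII string. Not the real attachment.
SAMPLE_DOC = (
    b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"
    + b"\x00\x01\xfe\xff" * 8
    + "file:///C:/DOCUME~1/AGV/LOCALS~1/Temp/New%20Invoice.htm".encode("utf-16-le")
    + b"\x00\x00\x03\x04"
    + b"Microsoft Office Word"
    + b"\x00\xff"
)

# Metadata fields copied from the post.
METADATA = """\
Author: AGV
Last Saved By: AGV
Revision Number: 1
Total Editing Time: 01:00
Create Time/Date: Thu Dec 26 10:15:00 2013
Last Saved Time/Date: Thu Dec 26 10:16:00 2013
Number of Words: 8
"""


def extract_strings(blob):
    """Return printable strings found in the blob, in either encoding."""
    found = [m.group().decode("ascii") for m in ASCII_RUN.finditer(blob)]
    found += [m.group().decode("utf-16-le") for m in UTF16_RUN.finditer(blob)]
    return found


def local_file_references(blob):
    """Find file:/// URIs and decode the local path each one points at."""
    refs = []
    for text in extract_strings(blob):
        for uri in FILE_URI.findall(text):
            path = unquote(urlparse(uri).path).lstrip("/")
            match = PROFILE.match(path)
            refs.append({
                "uri": uri,
                "path": path,
                "profile_user": match.group(1) if match else None,
            })
    return refs


def parse_metadata(text):
    """Parse 'Key: value' lines; only the first colon separates key from value."""
    meta = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            meta[key.strip()] = value.strip()
    return meta


def triage(blob, metadata_text):
    """Summarise what the strings and metadata say about where the file came from."""
    meta = parse_metadata(metadata_text)
    refs = local_file_references(blob)
    users = {r["profile_user"] for r in refs if r["profile_user"]}
    created = datetime.strptime(meta["Create Time/Date"], TIME_FMT)
    saved = datetime.strptime(meta["Last Saved Time/Date"], TIME_FMT)
    return {
        "local_refs": [r["path"] for r in refs],
        "profile_users": sorted(users),
        # Does the profile folder in the path match who the metadata says wrote it?
        "matches_author": bool(users & {meta.get("Author"), meta.get("Last Saved By")}),
        "edit_window_seconds": int((saved - created).total_seconds()),
        "words": int(meta["Number of Words"]),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_DOC, METADATA).items():
        print(f"{key}: {value}")
```

On the sample, the profile folder in the path and the `Author` field agree, and the create and save times are one minute apart.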

Friday 11 October 2013

Meet Muhammad Ali Hassan, spammer

This idiot is attempting to get a job by randomly sending out spam.

From:     Muhammad Ali Hassan [sumtech12@emirates.net.ae]
Reply-To:     ALY.HASSAN.ZIA@gmail.com
Date:     11 October 2013 11:57
Subject:     Applying for the post of Chartered Accountant / Finance Manager /Financial Analytics & Auditor or any other suitable position as per my knowledge and experience.

Sub: Applying for the post of Chartered Accountant / Finance Manager /Financial Analytics & Auditor or any other suitable position as per my knowledge and experience.

Dear Sir/Madam.  

This is to introduce myself to you as a potential candidate for the job placement in Accounting, Finance and Audit at your organization. I am currently residing in UAE and seeking job placement in the GCC countries. I have taken the time to research your company and am very impressed. I would appreciate the opportunity of an interview.

I am Associate Chartered Accountant (ACA), Associate Public Finance Accountant (APFA) and CFA Level 1 Candidate. I am currently seeking job prospects that commensurate with my qualification and work experience. I am available in UAE during October and November 2013 and can be contacted for an interview in person. Otherwise, I can be reached for telephonic or video interview via contact details mentioned in my Résumé attached hereunder.

WORK  EXPERIENCE:

A. F. Ferguson & Co., Chartered Accountants (a member firm of PricewterhouseCoopers network) Karachi, Pakistan
Designation: Audit Assistant – December 2008 to February 2011
Designation: Audit Senior – March 2011 to May 2012
Designation: Tax Executive – June 2012 to Date.

BRIEF OVERVIEW OF RESPONSIBILITIES(DETAILS IN RESUME)

·         Effective planning and execution of audit engagements  and other assignments to ensure completion of the same within the prescribed deadlines;
·         assisting clients in the preparation and consolidation of financial statements in accordance with the applicable financial reporting framework;
·         assisting clients consolidation of financial statements of group companies;
dealing with IFRS/IAS and ISA issues in financial reporting and auditing
preparing final audit deliverables; the audit report, the covering letter to the Board of Directors, the Management Letter, Group Reporting Packs and Certificates;
·         identifying key risk areas by developing risk assessment procedures for critical business processes;
·         performing overall analytical review, testing internal controls and carrying out detailed testing of the significant areas of the Financial Statements:
·         reviewing internal control systems and identifying significant weaknesses and recommended improvements thereon; and
·         supervising, training and motivating multiple subordinate team members.

EDUCATIONAL QUALIFICATION:

    Associate Chartered Accountant (ACA) --- The Institute of Chartered Accountants of Pakistan – ICAP---2013
    Associate Public Finance Accountant (APFA)--- Pakistan Institute of Public Finance Accountants – PIPFA---2012
    CFA Level 1 Candidate ---CFA Institute USA


PROFESSIONAL SKILLS AND ABILITIES

·         Proficient user of PwC’s auditing  & documentation software including Aura, My Client, Smart Statements and Lotus Notes.
·         Completed 90-hour Course of Computer Practical Training (CCPT) recommended by ICAP.
·         Proficient in all applications of Microsoft Office
·         User-level knowledge of various accounting and ERP software including Tally, Peachtree, SAP, Oracle Financials, JD Edwards, Maximo etc
·         Strong analytical skills and in depth technical knowledge of all financial and non-financial information.
·         Have experience of business and audit risk assessment via variance analysis of budgets and other statistical techniques.
·         Have experience of co-ordination with professionals in fields like legal, actuarial, taxation and information technology.
·         Able to meet stringent deadlines and the supervision, training and motivation of team members.
·         Ambitious, pro-active and result-oriented.
·         Able to transform knowledge into achievement of assigned tasks within the schedule and maintain quality.
·         Committed to implementing quality improvement techniques that drive business operations to success.
·         Strong leadership and problem-solving skills.
·         Capable of working well under pressure and able to handle multiple tasks.

OTHER INFORMATION:

Language Known: English, and Urdu.
Visa Status: Visit Visa Valid Till 5th November 2013

I do hereby declare that the above information is true to the best of my knowledge.                   

Yours sincerely,

Muhammad Ali Hassan
Email: aly.hassan.zia@gmail.com
Mobile: [redacted]
Attached to this is his CV. Because that probably contains enough information to do a serious bit of identity theft I'll just post a picture..


I wonder just how many other poor sods this spammer has sent his CV to?

Thursday 19 September 2013

Apple (AAPL) pump-and-dump spam

A pump and dump spam trying to move Apple (AAPL) stock? Really? I don't think a spam run is going to have much effect on a $473 share in a company worth $420bn.

From: lpskann@scminvest.com
Subject: This Company continues to surge, could new highs be ahead?

Apple has presented its new models - iPhone 5S and iPhone 5C,
which actually have not moved the providers of financing. But, we
got to hear about the confidential novelty, which is created in
Cupertino (the Main Office of the Apple Company). This specialty
will be of interest for everyone. Through just a year, everybody
will utilize it. Namely now the time is ripe to acquire the
Apple's securities. Their value will be quick increased!!!

#goodluckwiththat- here's another one:

From: h.strutzmann@raymondjames.com
Subject: This Company is Hot and Premarket analysis is ready

The new-developed models, i.e. iPhone 5S and iPhone 5C, have
been recommended by the Apple Company. Nevertheless the
products have not impressed the business sponsors.
Nevertheless, we have learned about the secret new product,
which is being worked out in Cupertino, the Main Office of
the Apple Company, which will be required by a wide
audience. (It is going to be put in use by everybody duting
the course of only one year). Now it's about time to take
possession of the shareholding of Apple, because quite soon
they will go up in value!
A third sample adds the stock ticker symbol:

Subject:      Advanced Trading Alert Notice

Apple Company (Nasdaq:AA PL) has shown its new-developed models - iPhone
5S and iPhone 5C, which indeed have been not very impressive for the
providers of capital. Still, we got the wind of the confidential new
product, which is created in Cupertino (the Principal Business Place of
the Apple). This new product will be needed by all the people. During
just one year, all the people will put in use the product. Presently it's
high time to obtain the Apple's securities. Their price will grow quite
soon.

And some more rather ungrammatical auto-generated examples..

The providers of financing have not been struck by the
new-developed models, i.e. iPhone 5S and iPhone 5C, which have
been introduced by the Apple. Still, we have got the wind of
the fact that in Cupertino (the Apple's Headquarter), a
confidential innovation is being created. The item will be
popular for all the people. It will be wide put on within just
a year. Right now is the perfect timing for acquiring the
shares of the Apple. Very soon these shares of stock will
increase high in value.

The financiers have not been struck by the new-developed products, i.e.
iPhone 5S and iPhone 5C, which have been shown by the Apple. But, we have
got to hear that in Cupertino (the Apple's Headquarter), a non-public
newcomer is being designed. The item will be required by all the people. It
will be wide put on in just a year. Now is the right time for purchasing
the equity of the Apple. Fast these shareholding will grow high in price.

iPhone 5S and iPhone 5C present the fresh items, which were shown by the
Apple Company (Nasdaq:AA_PL). Nevertheless, these products have little
effect on the providers of financing. All the same, we got to learned that
in Cupertino (where the Apple's Principal Business Office is located), an
undercover recent development gadget is being elaborated. Namely this
novelty will be of interest for everybody (the recent development will be
applied by all the people within the course of one year). The Apple's equity
shall be purchased right at the moment, as fast they will increase in price!


Apple Company (Nasdaq:AAP-L) has offered its latter-day
products - iPhone 5S and iPhone 5C, which actually have
little effect on the backers. However, we got the wind of
the undercover innovation, which is produced in Cupertino
(the General Headquarter of the Apple). This recent
development will be needed by everybody. Within only one
year, everyone will utilize it. Namely now it's about time
to get hold of the Apple's shareholding. Their price will
grow quite soon!!!

Apple Company (Nasdaq:A-A_P L) has presented its new models - iPhone 5S
and iPhone 5C, which indeed have not struck the fund clients. All the
same, we got to learned about the undercover novelty, which is designed
in Cupertino (the Principal Place of Business of the Apple Company).
This new product will be required by all the people. During the course
of just a year, everybody will put on it. The present moment the time is
ripe to get hold of the Apple's shares. Their price will soon grow.

The Apple Company (Nasdaq:A-A-PL) has introduced its new products - iPhone 5S
and iPhone 5C, which truly have little impression on the fund clients. But,
we got to learned about the private newcomer, which is created in Cupertino
(the General Headquarter of the Apple Company). This recent development will
be of interest for everyone. During just a year, everyone will use it. Right
now is the time to obtain the Apple's equity. Their price will grow quite
soon. 
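The padded ticker spellings in these samples (`AA PL`, `AA_PL`, `AAP-L`, `A-A_P L`, `A-A-PL`) are themselves a usable filtering signal. The following is an added example, not part of the original post: it normalises the parenthesised `(Nasdaq:...)` field, flags spellings that contain separators, and groups messages by the symbol they resolve to. The snippets are taken from the samples above apart from one constructed control line, and the three-spelling threshold is an assumption.

```python
import re
from collections import defaultdict

# Parenthesised "(Exchange:SYMBOL)" form, as used in the samples above. The
# symbol field is captured loosely so that padded spellings are still caught.
TICKER_FIELD = re.compile(
    r"\(\s*(Nasdaq|NYSE)\s*:\s*([^()]{1,12}?)\s*\)", re.IGNORECASE
)
# Characters used as padding in the samples. "." is deliberately left out
# because some real symbols contain it.
SEPARATORS = re.compile(r"[\s_\-]+")
SYMBOL = re.compile(r"[A-Z]{1,5}")

SAMPLES = [
    "Apple Company (Nasdaq:AA PL) has shown its new-developed models",
    "Apple Company (Nasdaq:AA_PL). Nevertheless, these products have little",
    "Apple Company (Nasdaq:AAP-L) has offered its latter-day",
    "Apple Company (Nasdaq:A-A_P L) has presented its new models",
    "The Apple Company (Nasdaq:A-A-PL) has introduced its new products",
    # Constructed control: a plain, unpadded mention.
    "Apple Inc. (Nasdaq:AAPL) reported quarterly results today",
]


def find_tickers(text):
    """Return every exchange:symbol field with its raw and normalised spelling."""
    hits = []
    for match in TICKER_FIELD.finditer(text):
        raw = match.group(2)
        symbol = SEPARATORS.sub("", raw).upper()
        if not SYMBOL.fullmatch(symbol):
            continue  # not something that resolves to a plain ticker
        hits.append({
            "exchange": match.group(1),
            "raw": raw,
            "symbol": symbol,
            # Padding inside the symbol is what separates these from real mentions.
            "obfuscated": SEPARATORS.search(raw) is not None,
        })
    return hits


def cluster_spellings(messages):
    """Map each normalised symbol to the set of raw spellings seen for it."""
    spellings = defaultdict(set)
    for text in messages:
        for hit in find_tickers(text):
            spellings[hit["symbol"]].add(hit["raw"])
    return dict(spellings)


def likely_campaigns(messages, min_spellings=3):
    """Symbols that arrive under several different padded spellings."""
    flagged = []
    for symbol, raws in cluster_spellings(messages).items():
        padded = {raw for raw in raws if SEPARATORS.search(raw)}
        if len(padded) >= min_spellings:
            flagged.append(symbol)
    return sorted(flagged)


if __name__ == "__main__":
    for text in SAMPLES:
        for hit in find_tickers(text):
            mark = "PADDED" if hit["obfuscated"] else "plain "
            print(f"{mark} {hit['raw']!r:12} -> {hit['symbol']}")
    print("campaign symbols:", likely_campaigns(SAMPLES))
```

The first two samples in the post carry no ticker at all, so a check like this only covers the later variants.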

Wednesday 21 August 2013

Laughable advanced fee fraud scam promises $2.5

Two-and-a-half bucks? I think I'll pass.
From:     Mr Anthony Freed [johnewele12@cantv.net]
Reply-to:     dhlcorriadeliveryservice@live.com
Date:     20 August 2013 21:13
Subject:     Attention please!!!

Attention please!!!

We have registered your ATM CARD of (US $2.5) with DHL Express Courier Company with registration code of ( 9665776) please Contact with your delivery
information:
DHL OFFICE:
Name Dr:Mark Jonson.
E-mail: dhlcorriadeliveryservice@live.com //officedhldelivery service
Tel:+229 98270349.

We have paid for the Insurance & Delivery fee.The only fee you have to pay is their Security fee only.Please indicate the registration Number of ( 22-82797457 )and ask Him how much is their Security fee so that you can pay it.
Best Regards.
Rev.Anthony Fred
I don't think I've seen an Advanced Fee Fraud spam so full of fail for a long time..

Wednesday 14 August 2013

Gmail Compose.. another app screwed up by Google

If you use Gmail then you've probably seen the "new compose" experience before. And turned it off. Well, Google never listened to feedback and now Gmail joins a long list of applications that Google have screwed up, including Blogger, Google Play Music, Google Maps for Android and don't get me started on Google Reader and iGoogle.


The new compose experience attempts to be minimalist, but in reality it's either too small, or too big. If you are replying to a message then you get a tiny box at the bottom of the screen, a long way from the top of the email you are trying to reply to. And all the usual buttons have been hidden away because.. well, goodness only knows. It's a mess.

With these latest bodged updates, I really think that Google is jumping the shark and changing applications for no good reason at all. Android in particular is becoming a disaster area with important apps being screwed up completely. Perhaps it's time to buy a Lumia?

Friday 26 July 2013

Mobiquant - when IT security goes badly wrong

UPDATE: as of September 2013, this site appears to have been cleaned up.

Mobiquant appears to be a small French IT security company run by a gentleman called Reda Zitouni that has been reportedly struggling a bit and may have shut up shop earlier in the year. They describe themselves thusly: "Mobiquant Technologies is a leading company provides mobile SECURITY management technology to enterprises & carriers (BYOD, MDM, MSM)"

They have a couple of Twitter accounts, one of which has been switched to protected and the other one has not Tweeted since April. There's very little evidence to indicate any kind of activity (although we'll get to that in a moment) and this site has it marked as "Cessé économiquement" ("Ceased economically") according to INSEE.

The problem is that their website has been serving up a RedKit exploit kit for at least the past ten days. And despite several attempts to contact them via email, Twitter and a variety of other means the exploit kit remains.


It's not a surprise to see an abandoned website being infected like this, but it is embarrassing for an IT security company. But more worryingly, it could be a watering hole attack which is deliberately targeting people involved in IT security. Note that the affiliate domain yesucantechnologies.com also appears to have been compromised.

The plot thickens though. Because it is sometimes nice to let people know that they have been hacked I looked at the WHOIS records for the domain to find the contact details. And this is what I found:

Registrant Contact:
   Fortesia
   RZ Group ()
  
   Fax:
   7
   Cheval Place
   London, P S6SDJ7
   GB

Administrative Contact:
   Fortesia
    Group (adds31@gmail.com)
   +44.20777777777
   Fax: +44.20734596895
   7
   Cheval Place
   London, P S6SDJ7
   GB


What is wrong with these records? Everything! The WHOIS details claim to be for a UK company, but according to Companies House there is no such entity in the UK as Mobiquant or RZ Group, and no active companies by the name of Fortesia. "P S6SDJ7" is not a valid UK postcode, and the address is actually an East African Restaurant. Although the fax number is potentially valid, the +44.20777777777 telephone number is extremely unlikely. What sort of company fakes its WHOIS records?
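The checks applied by hand above (no email or phone, a postcode that is not in UK format, a telephone number made of one repeated digit) are easy to automate when reviewing many domains. This is an added example, not part of the original post: the two Fortesia blocks are transcribed from the records above, the third block is a constructed control, and the seven-digit repeat threshold and finding names are assumptions. The postcode test checks format only, not whether the postcode exists.

```python
import re

# Standard UK postcode shape: outward code, optional space, inward code.
UK_POSTCODE = re.compile(r"^(?:GIR ?0AA|[A-Z]{1,2}[0-9][0-9A-Z]? ?[0-9][A-Z]{2})$")
PHONE = re.compile(r"^\+(\d{1,3})\.(\d+)$")      # WHOIS "+CC.NNNN" notation
EMAIL_IN_PARENS = re.compile(r"\(([^)]*)\)")      # "Name (email)" line
REPEATED_DIGIT = re.compile(r"(\d)\1{6,}")        # same digit 7 or more times

REGISTRANT = """
   Fortesia
   RZ Group ()

   Fax:
   7
   Cheval Place
   London, P S6SDJ7
   GB
"""

ADMIN = """
   Fortesia
    Group (adds31@gmail.com)
   +44.20777777777
   Fax: +44.20734596895
   7
   Cheval Place
   London, P S6SDJ7
   GB
"""

# Constructed control record in the same layout.
CONTROL = """
   Example Ltd
   Hostmaster (hostmaster@example.co.uk)
   +44.2079460123
   Fax: +44.2079460124
   1 Example Street
   London, SW1A 1AA
   GB
"""


def parse_contact(block):
    """Pull email, phone, fax, postcode field and country out of a contact block."""
    lines = [ln.strip() for ln in block.splitlines() if ln.strip()]
    rec = {"email": None, "phone": None, "fax": None, "postcode": None, "country": None}
    for line in lines:
        email = EMAIL_IN_PARENS.search(line)
        if email and rec["email"] is None:
            rec["email"] = email.group(1).strip()
        elif line.lower().startswith("fax:"):
            rec["fax"] = line[4:].strip()
        elif PHONE.match(line) and rec["phone"] is None:
            rec["phone"] = line
    # Layout used above: last line is the country code, the line before it
    # is "City, <region/postcode>".
    if len(lines) >= 2 and re.fullmatch(r"[A-Z]{2}", lines[-1]):
        rec["country"] = lines[-1]
        rec["postcode"] = lines[-2].partition(",")[2].strip()
    return rec


def check_contact(rec):
    """Return a list of plausibility findings for one parsed contact."""
    findings = []
    if not rec["email"]:
        findings.append("missing_email")
    if not rec["phone"]:
        findings.append("missing_phone")
    elif REPEATED_DIGIT.search(PHONE.match(rec["phone"]).group(2)):
        findings.append("phone_repeated_digits")
    if rec["country"] in ("GB", "UK"):
        if not UK_POSTCODE.match((rec["postcode"] or "").upper()):
            findings.append("invalid_uk_postcode")
    return findings


if __name__ == "__main__":
    for name, block in (("registrant", REGISTRANT), ("admin", ADMIN), ("control", CONTROL)):
        print(name, check_contact(parse_contact(block)))
```

Whether the organisation exists and what is actually at the street address still need the manual lookups described above.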

Now, when you have invalid WHOIS details for a malware site one of the quickest things to do is file a report with ICANN. I did this, expecting that this apparently zombie site would be shut down. But what happened instead is that the WHOIS details changed:

   WhoisGuard, Inc.
   WhoisGuard Protected (26ae68e0b9764d38a5d0ca312cc0d367.protect@whoisguard.com)
   +507.8365503
   Fax: +51.17057182
   P.O. Box 0823-03411
   Panama, Panama NA
   PA


Now, this is kind of odd because it means that someone must be home at Mobiquant, and they were prepared to correct their WHOIS details (or risk losing their site), but are not prepared to clean up the infection. Incidentally, the fake WHOIS details can still be seen at the site mobiquantacademy.com.

Indeed, mobiquantacademy.com (apparently uninfected) was active a few days ago which indicates that something is still happening at the company. But fixing their web site is not one of those somethings..

Strangely too, Mobiquant managed to push out a press release (don't click the Mobiquant link on that page) in the past few days about being invited to a conference (is that really news?).

Now, I don't know exactly what is happening at Mobiquant, but it does seem that they are recklessly ignoring the problems with their web site which is placing customers and visitors at risk. Is that really a good way for an IT security company to behave?

UPDATE: after publishing this post a year ago and noting that the problem has been cleaned up, Mobiquant have responded to my criticism by making personal attacks and making statements that are not true. My personal opinion is that this just shows what an unprofessional organisation they are, I would certainly not recommend doing business with them under any circumstances.

Firstly, Mobiquant did acknowledge there had been an issue with their site:

From:     Grzegorz Tabaka [markcom@mobiquant.com]
Date:     26 August 2013 19:14
Subject:     Mobiquant Technology

Dear Mr. Langmore,

My name is Grzegorz Tabaka, I am communication manager at Mobiquant Technology.
Let me first congratulate you for your great blog dynamoo.com. I went through it today, and I saw your post about us regarding the issue we had few weeks ago with some malicious code that infected our website.
I know you sent us messages about it, unfortunately we didn't receive any of them, please accept my apology for that.
I only wanted to inform that our website has been cleaned weeks ago and now is completely safe.
I suppose you wont delete this post about Mobiquant, but would you be so kind and post there a short statement, that the website is now clean and safe to visit? I will be really grateful if you could do that.

If you have any questions don't hesitate to ask,

looking forward to prompt reply.

best regards
So, as requested I amended the post to say that the site was clean. But I still had my reservations over a company that did (and still does) rely on fake WHOIS details to protect its domains, and that did not bother responding to multiple reports of an issue with their web site.

Mobiquant then decided that instead of engaging in a dialogue, they would launch a personal attack against me in their blog. Their blog got deleted for some reason (I assumed they had done it), something that happened several months ago.. but now they have decided to blame me for it and have republished it (I suspect that all they did was screw up their own DNS entries, but whatever).

To be clear, I did not request that their blog be removed. The post they made about me was so badly written and petty that it clearly demonstrated what an unprofessional organisation Mobiquant is. Any company that would behave in this way does not meet the minimum ethical and professional standards that a business should have. I'm not going to link to their blog, but I will respond to it:
UPDATE:
We learnt  (by different security friends) that the CONRAD LONGMORE loves denigrating people, revealing their personal life for free BUT DON T LIKE THIS FOR HIMSELF. ;-) YES ! in fact he asked GOOGLE to remove his post from the results in the Google search. Crazy ! that our White security Knight don t like what he does to (some) honest people and companies to ensure the Buzz and traffic on his eCommerce Blog where he is still selling crap things that Have nothing related about security.
So here we are again guys !!
Sure, I will reveal the details of bad actors when I find them. But I never put in a request to Google to remove the blog, simply because this laughable and pathetic rant from Mobiquant simply shows what kind of an outfit they are.
Earlier, in August we were informed  by some partners of a strange post from a guy claiming being a "security expert". This dude called Conrad Longmore from a blog we never heard about (dynamoo), posted an article about Mobiquant Technologies. He maybe got his freeware antivirus warning him about a malicious javascript resulting of an infection on our hoster files. The strange thing here is fully about the behaviour of the guy claiming to belong to the security community. After 20 years in the sec arena we never seen a hacked victim behing blamed and denigrated having its website infected. What about the hackers? sure it requires a real true technical work. Not given to everyone.
Actually the truth of what happened is that I attempted to contact them several times with no response. From all the evidence at the time, it appeared that all activity at the company had ceased, which was backed up by company reports in France. My criticism is that Mobiquant ignored the problem and had their site infected for several weeks, not the thing that makes an IT security company look good. Note that this paragraph does explicitly acknowledge that they were hacked.
We  made a quick search about this unknown blogger.
[removed to avoid Google removal ]$
He is using a personal blog space on google blogspot, after apparently having tried several corp domain (www.Conrad-longmore.co.uk 404 error, no files) and a wordpress free space (http://en.wordpress.com/tag/conrad-longmore/ 404 error , no files).)
Wow.. a dead website parked at a host I don't use and a WordPress tag about me. And your point is....?
No company, no professional profile. Jobless or Yet another freelancer. Website : dynamoo.com seems to be a fake or outdated (last update 2003) website as many links are broken. Kind of blogsite quickly setup and stopped by this myserious guy.
We found some related facebook link :https://www.facebook.com/conrad.longmore‎ ,  with a profile picture of a guy having a walk in the british countryside holding a bag with a kiddy puppet  in the back :
I don't mention the company I work for, for a number of reasons. But bits of my website haven't been updated since 2003? Wrong. There are bits of my website that haven't been updated since the mid-1990s. And actually I blog about stuff most days, but really.. what is Mobiquant's point? As for the Facebook profile, they are referring to this picture.

Yes, there's a stuffed reindeer peeking out of my backpack in the photo on my Facebook page. Oh no.
and a twitter account with some strange twitts taking position for the [removed to avoid Google removal] community :
The original post read:
and a twitter account with some strange twitts taking position for the  homosexual community : 
Basically, Mobiquant went through all my Twitter posts and found something advocating gay rights, which they are using as a reason to attack me. Does this make Mobiquant a homophobic company? I'll let you make up your own mind, but given that Mobiquant appears to operate partly from Morocco, then the answer is definitely maybe.
After having contacted the guy , our team did not have any answer from him.
Which is not true.
Seems that this guy is using various ways to drive some traffic to his blog by denigrating different websites and people with no reasons claiming they are all hackers or malicious internets users and has already many enemies apparently:
Hell, yes.. the bad guys tend not to like you much if you spoil their evil plans. But as for "no reasons".. well, anyone who reads my blog can see that it is very much centered around evidence.
This is clearly to make some business about mobile items sold on his web and by using this  technique of degritation to do some buzz ( audience is poor) he is  selling mobile accessories. Security ? ecommerce ? mobile accessories ? strange guy ;-). People are complaining on forums about receiving spam email from him to buy mobiles parts : "
Conrad Longmore does appear to sell all kinds of things,  including mobile phones, and portable air conditioners, so the guy must have read the site and added the PS for shits and giggles" :  Forum of victims describing what happened to them.
I have some old (and dead) affiliate links on my personal website promoting all sorts of things. So what? And I was a victim of a Joe Job a long time ago, after exposing this criminal activity. So what?

The malware a classical non critical  HH. JS, among thousands variants of this kind,  have spreaded thoughout the web since years, and it has infected again this summer up to 252 000 website among which Apple.com and some others which were unavailable for nearly one week for some of them.
Our dude find that on our website, which is obviously technically hosted on a distinct independent infrastructure than the corporate one, thought it was a valid and major reason to drive a deep dive study about : the company, its financial status (with French reading bad expertise ;-)) , our management, our domain .... and yes absolutely not about this malware, the security countermeasures etc . In short nothing related with security and IT.
The malware was Redkit, which was a very dangerous exploit kit. As far as I know, Apple.com was never infected with Redkit. The infection is clear from my original blog post. But in particular, the infection was dangerous because the site was still running with no apparent oversight, and the victims would have been mostly IT administrators and similar which is basically paydirt for the bad guys who had hacked the site.
The funny thing is that he did criticize our website about having a temporary non critical js malware and we thought we should find a perfect website on his side. This was aboslutely not the case:
- broken links(25/70), outdated references( last update is 2003),blogsite is  badly designed, coded and graphically disgusting. We even find 5 vulnerabilities and it  looks like a beginner web blogger.
This is the non-critical issue that was in fact an exploit kit. And my site is "graphically disgusting"? Oh no! As for vulnerabilities.. well, I'm not aware of any. The site is simply coded, and you'll notice that they don't actually have any supporting evidence.
By the way we decided not to take any action again this anonymous strange blogger which apparently is using strange techniques to exists and shine on the web to make money on our back.
I could turn this paragraph around and use it about Mobiquant myself.
Finnally, after some discussion with famous security real bloggers on the web most of them told us they never heard of him and few who did know him,  had some negative feedback about his behaviour. As in any case a security professional will  blame a hacked victim for being infect or hacked. Our company never decided to be infected for some days earlier during summer time. This mix of corporate, financial -(he is also a financial expert ;-)) and personal elements in a security analysis demonstrate clearly the guy is somehow not in the security space but just personnally blogging using security as an excuse.
Did you really? But notice again, they admit to having been hacked despite denying it in the same post. Internal inconsistencies like this are an easy way to spot a lie.
This is how the web is going nowadays :  giving some space  to unknown people, having lot of freetime to blog on all and nothing.
Perhaps if Mobiquant hired some professionals rather than the kind of idiot that wrote this, then the company might be in better shape.

Remember.. I got word of this compromised web site and tried to warn Mobiquant several times (something made more difficult by their fake WHOIS details) but I never got a response. So I instead communicated with the web host and domain registrar to attempt to get the threat removed, and warned the wider community that the Mobiquant site was dangerous. If Mobiquant actually read their emails then they would have known there was a problem, which is entirely their own fault.

Anyway, Mobiquant are entitled to their point of view, but my point of view is that in my personal opinion, this is a deeply unprofessional company that you should avoid doing business with.

Friday 21 June 2013

luntravel.com are a bunch of stupid spammers

Like most people I get a lot of spam. Sometimes it makes me cross. Here's one sent to a scraped email address that is effectively a spamtrap.

From:     Luntravel [noreply@luntravelmail.com]
Reply-To:     Luntravel [noreply@luntravelmail.com]
Date:     21 June 2013 13:03
Subject:     New offers from £49
Mailing list:     c425d640a3819ebec8af23ba171be24c


So far, just a spam with a graphic in, but the email footer is what got my goat..

You receive this newsletter because you used google sometime and we send you our best deals.
Prices shown as 'from' point to the lowest bidder at the time of sending this communication, so we can not guarantee that they remain in force at the time you receive this newsletter.
Save our info@luntravelmail.com address in your e-book for the best deals do not end up in the SPAM folder.
To unsubscribe from receipt of this message, you can click on Unsubscribe, our private site is Luntravel.com
Wait.. I received this spam because I use Google? I've never used any Google product in my life. Not even blogger. And then it goes on to say that the prices quoted may as well be completely made up. Which no doubt they are. Oh yes, SPAM spelled in CAPITALS is a trademark for a brand of tinned meat.

All of the content, trademarks, logos, images, etc. displayed on the Website are protected by the intellectual and industrial property rights, patents, trademarks and copyrights of Luntravel, which are expressly reserved by Luntravel and, when applicable, any other persons or companies that figure as the authors or holders of such rights. Any violation of the abovementioned rights shall be prosecuted in accordance with currently effective legislation. Therefore, it is strictly prohibited to reproduce, exploit, alter, distribute or publicly communicate any of the Website content through any means for any use other than legitimate informational purposes or for the User to contract the services offered therein. In any event, doing so shall require the prior written consent of Luntravel.
The User acknowledges that the operation of this service is governed by Spanish legislation. Luntravel reserves the right to make any changes it deems appropriate in observance of the terms and conditions envisaged in the General Law in Defence of Consumers and Users (Law No. 1/2007), the various regulations governing the activities of travel agencies in the Autonomous Communities and the various legal amendments to and supplemental regulations of the legislation related to free access to the activities of services and their performance.
Now the stupid legal blurb which basically says we can spam you but you can't publish anything about our website, and now we'll quote some Spanish laws which may or may not exist but we are probably breaking by sending the spam (actually the relevant law is Act 34/2002 of 11 July on Information Society Services and Electronic Commerce, but I don't think they have read it).

Oh what was that about logos?


Say again?

The spam originates from 93.159.211.199 (CPC Servicios Informaticos SL, Spain) with links to newsletters.tradaticket.com on 93.159.209.72 (also CPC) and then onto luntravel.com on 94.23.82.229 (OVH, France) [report here]. luntravel.com is registered to:

  miguel angel lancho milan
  Lancho milan Miguel angel
  C/ General Barroso 37-21
  Valencia, 46017
  ES
  +34.963788523
  7i54o32ibghg27t42930@b.o-w-o.info
  
Dealing with spammers is never a good idea. I would avoid this bunch.

Friday 14 June 2013

Yahoo! "We want you back" email mystery

Here's a minor mystery with something that looks very much like a phishing email..

From:     Yahoo! [noreply@email.yahoo-inc.com]
Date:     14 June 2013 08:42
Subject:     We want you back
Signed by:     email.yahoo-inc.com

Yahoo!    
We want you back.
Sign in now    
     

Keep your account active by signing in before July 15th, 2013.

By reactivating your Yahoo! account you can experience the new Yahoo! Mail, more personalized content on Yahoo.com, and so much more.

Once your account is reactivated, every time you sign in, your account will be extended by 12 months.

Need to reset your password?
Assistance is here!

Have additional questions?
Visit Customer Care

   
      Yahoo! Customer Experience    
     

Privacy Policy  |   Web Beacons in Email

It just looks so much like a phishing email that a sensible person probably wouldn't click on it.. except, the links in the email actually go to Yahoo! and the email has been signed, so this really does appear to be a genuine email.

Except for one thing.. the email address that it was sent to has never been used to register a Yahoo! account. Yup.. something somewhere is not right with this email..

Yahoo!'s explanation can be found here.

Wednesday 12 June 2013

Is this Guy a moron spammer?

Here's a spam email from somebody I'll call Guy Van Dumbass (not quite his real name, but close enough). Is this Guy a moron spammer? Or does he just hire morons to push his CV through spam?

From:     Guy Van Dumbass [gvd@g-vanDumbass.be]
Date:     12 June 2013 09:52
Subject:     Sollicitatie als directiemedewerker

Pour la version française, cliquez ici

Betreft : Spontane sollicitatie – onmiddellijk beschikbaar

Directiemedewerker - verantwoordelijke 14 jaar ervaring

Mevrouw, Mijnheer,

Een ervaring van 14 jaar in het beheer van een sociaal juridische en financiële functie heeft mij geleerd in volledige autonomie te werken. Ik heb goede ervaringen verworven welke me vandaag toelaten het volledige beheer van één of meerdere bedrijven tot aan de balans en fiscale aangifte op me te nemen.

Daarenboven, aangezien ik voor een aantal bedrijven met een verschillend juridische statuut en in verschillende sectoren heb gewerkt, heb ik mijn aanpassingsvermogen kunnen ontwikkelen.

Ik beheers meerdere software programma's met betrekking tot het beheer en de boekhouding van bedrijven (VISION, CUBIC, GEBAT pro,…) en ik kan snel operationeel zijn in elk nieuw systeem, uiteraard met opleiding.

Ik ben stipt, georganiseerd en zou mijn competenties ten dienste willen stellen van uw bedrijf, in een functie met verantwoordelijkheid. Ik heb eveneens de smaak van analyse te pakken en ik ben geïnteresseerd in de nodige werkzaamheden nodig in de opvolging van de resultaten van een bedrijf.

Ik nodig U uit om mijn parcours bij het lezen van mijn CV, in bijlage, te ontdekken. Ik kijk ernaar uit om deze te verduidelijken tijdens een onderhoud welke U kunt inplannen volgens de beschikbaarheden in uw agenda. Ik ben immers onmiddellijk beschikbaar wegens stopzetting van mijn huidige werkgever.

In afwachting van een positief antwoord, verblijf ik met vriendelijke groeten,

Klik hier om mijn CV te downloaden

Cliquez ici pour télécharger mon CV

Guy Van Dumbass
M: +32 (0) [redacted]
E: gvd@g-vanDumbass.be
To unsubscribe, click here

I won't bother to translate it for you, but Mr Van Dumbass is some sort of accountant. Now, actually I could probably use an accountant to save me the bother of filing my tax return myself but I somehow think that employing him full-time would be rather excessive.

Now, I'm going to be charitable to Mr Van Dumbass and assume that he didn't intend to spam these out to random unsolicited recipients such as myself but has in fact hired a bunch of moron spammers to do the work for him. So who is actually sending out this crap?

The link in the email goes to a page at stats.wew167.com and then bounces to wew-storage.com, specifically a file in wew-storage.com/com_clients/emailbrokers/20130611/GuyCVNL07.06.2013.pdf that I'm not going to link to. These two domains are registered to:

  EmailStrategie
  Buron Frederic
  6 rue de Belgique CP19
  PUILBOREAU, 17138
  FR
  +33.546661000
  (fax: +33.546661010)
  domaines@emailstrategie.com

The originating IP is 82.97.29.167, and spamvertised domains are on 82.97.13.103 and 82.97.13.233 (all belonging to TAS France / Emailstrategie).

The danger with hiring a company to "market" you as a personal brand via email is that it can backfire completely, and you could end up like Bernard Shifman. Luckily for Mr Van Dumbass, I haven't felt it necessary to put his real name on this blog to save him the humiliation. This time, anyway..

Thursday 9 May 2013

Experiment: There may be confidential content in your search results. Please do not share outside Google.

Well.. this is a weird thing to see when searching YouTube..


"Experiment: There may be confidential content in your search results. Please do not share outside Google." Yeah, I think something went a bit wrong there..

Thursday 25 April 2013

The "Signature Strengths" (behaviourlibrary.com) fiasco

A post over at the Sqwawkbox Blog highlights the absurdity of an online behavioural survey site called "Signature Strengths" that jobseekers are "encouraged" to use. It makes the claim that no matter what you enter, it always comes up with some positive reason why you should be working. OK.. perhaps that isn't a bad thing, but it is clearly pretty absurd.

Try it for yourself by taking the test. I answered all the questions with the mindset of a feckless, depressive sociopath and this is what I was told:

Your results!
Think about how you can use these strengths in your job search and in your life in general
Try to find a new way to use them then everyday

Strength 1. Curiosity
You are curious about everything. You are always asking questions, and you find all subjects and topics fascinating. You like exploration and discovery.

Strength 2. Love of learning
You love learning new things, whether in a class or on your own. You have always loved school, reading, and museums-anywhere and everywhere there is an opportunity to learn.

Strength 3. Critical Thinking
Thinking things through and examining them from all sides are important aspects of who you are. You do not jump to conclusions, and you rely only on solid evidence to make your decisions. You are able to change your mind.

Strength 4. Originality
Thinking of new ways to do things is a crucial part of who you are. You are never content with doing something the conventional way if a better way is possible.

Strength 5. Social Intelligence
You are aware of the motives and feelings of other people. You know what to do to fit in to different social situations, and you know what to do to put others at ease.

Fill in your email address address below to have your strengths emailed to you. You may want to discuss these with your advisor at your next meeting.



Sounds positive? But the answers that I gave to the questions completely contradict this:

1. I am always curious about the world
Very much unlike me [contradicts Strength 1]

2. I am easily bored
Very much like me

3. I am thrilled when I learn something new
Very much unlike me [contradicts Strength 2]

4. I never go out of my way to visit museums
Very much like me [contradicts Strength 2]

5. When the topic called for it, I can be a highly rational thinker
Very much unlike me [contradicts Strength 3]

6. I tend to make snap judgements
Very much like me [contradicts Strength 3]

7. I like to think of new ways to do things
Very much unlike me [contradicts Strength 4]

8. Most of my friends are more imaginative than I am
Very much like me

9. No matter what the social situation, I am able to fit in
Very much unlike me [contradicts Strength 5]

10. I am not very good at sensing what other people are feeling
Very much like me [contradicts Strength 5]

11. I am always able to look at things and see the big picture
Very much unlike me [contradicts Strength 3]

12. Others rarely come to me for advice
Very much like me

13. I have taken frequent stands in the face of strong opposition
Very much unlike me

14. Pain and disappointment often get the better of me
Very much like me

15. I always finish what I start
Very much unlike me

16. I get sidetracked when I work
Very much like me

17. I always keep my promises
Very much unlike me [partly contradicts Strength 5]

18. My friends never tell me I’m down to earth
Very much like me

19. I voluntarily helped a neighbour last month
Very much unlike me

20. I am rarely as excited about the good fortune of others as I am about my own
Very much like me [contradicts Strength 5]

21. There are people in my life who care as much about my feelings and well-being as they do about their own
Very much unlike me

22. I have trouble accepting love from others
Very much like me

23. I work best when I am part of a group
Very much unlike me [partly contradicts Strength 5]

24. I hesitate to sacrifice my self-interest for the benefit of groups I am in
Very much like me [partly contradicts Strength 5]

25. I treat all people equally, regardless of who they might be
Very much unlike me [partly contradicts Strength 5]

26. If I do not like someone, it is difficult for me to treat him or her fairly
Very much like me [partly contradicts Strength 5]

27. I can always get people to do things together without nagging them
Very much unlike me [partly contradicts Strength 5]

28. I am not very good at planning group activities
Very much like me

29. I can control my emotions
Very much unlike me

30. I can rarely stay on a diet
Very much like me

31. I avoid activities that are physically dangerous
Very much unlike me

32. I sometimes make poor choices in friendships and relationships
Very much like me [partly contradicts Strength 5]

33. I change the subject when people pay me compliments
Very much unlike me

34. I often brag about my accomplishments
Very much like me [partly contradicts Strength 5]

35. In the last month, I have been thrilled by excellence in music, art, drama, film, sport, science or mathematics
Very much unlike me [partly contradicts Strength 2]

36. I have not created anything of beauty in the last year
Very much like me [partly contradicts Strength 2]

37. I always say thank you, even for little things
Very much unlike me [partly contradicts Strength 5]

38. I rarely stop and count my blessings
Very much like me

39. I always look on bright side
Very much unlike me

40. I rarely have a well thought out plan for what I want to do
Very much like me [contradicts Strength 3]

41. My life has a strong purpose
Very much unlike me

42. I do not have a calling in life
Very much like me

43. I always let bygones be bygones
Very much unlike me [partly contradicts Strength 5]

44. I always try to get even
Very much like me [partly contradicts Strength 5]

45. I always mix work and play as much as possible
Very much unlike me

46. I rarely say funny things
Very much like me

47. I throw myself into everything I do
Very much unlike me

48. I mope a lot
Very much like me

So who owns this site? A look at the WHOIS records comes up blank:

   Administrative Contact:
      Private, Registration  behaviourlibrary.com@domainsbyproxy.com
      Domains By Proxy, LLC
      DomainsByProxy.com
      14747 N Northsight Blvd Suite 111, PMB 309
      Scottsdale, Arizona 85260
      United States
      (480) 624-2599      Fax -- (480) 624-2598

Not to worry, because a historical WHOIS gives us the real records:

   Administrative Contact:
      Nguyen, Samuel  samuel.nguyen@cabinet-office.gsi.gov.uk
      1123 Aquarius House
      19 St George Wharf
      London, England SW82FG
      United Kingdom
      0-782-183-6785

That's this chappie.

As The Register points out, this is a completely bogus test that appears to be designed to make people feel more positive about work (and to perhaps collect email addresses) rather than offering any constructive advice. Positive thinking is not a bad thing, but this is a wasted opportunity to achieve something constructive in terms of critical analysis. Surely it wouldn't be too difficult to create (or buy in) a test to do this properly?

Tuesday 2 April 2013

And this is why people don't trust lawyers..

You may or may not have heard of Prenda Law.. it's a US law firm that has been pursuing alleged movie downloaders for copyright violations. But it won't reveal who its clients are, leading to allegations that Prenda is up to some shenanigans.

Anyway.. it's a fascinating story even for non-lawyers, but it all came to a head when a judge dragged them into court and asked them to explain themselves. And they took the fifth. Ken at Popehat writes about the latest episode in this saga here.. but you've just got to love the summary of just how scandalous this is part way down:

In effect, the responsible lawyers for a law firm conducting litigation before a court have refused to explain that litigation to the court on the grounds that doing so could expose them to criminal prosecution.

I mean.. holy crap. It's worth reading that again just to understand what some lawyers are prepared to sink to. Their mothers must be very proud of them.


Monday 18 March 2013

FOG RANT: turn your lights on!

Much of the part of the UK I live in is currently either a) foggy or b) very foggy. Freezing rain has turned the roads to ice and visibility is bugger all. At the moment the roads look like they do in the picture, and there are multiple accidents all over the place.

What amazes me is the sheer amount of complete f--king idiots driving with NO LIGHTS ON WHATSOEVER. Do they not notice that everyone else has their fog lights on? Do they not notice the radio reports of all the accidents?

Grey or silver cars in particular are almost invisible. Perhaps it is time to invest in a front-mounted laser cannon to blast these idiots off the road..

Monday 4 February 2013

01530 561700: PPI refund cold callers are also PPI mis-sellers

Quick version:  01530 561700 is a PPI claims company trading as ABC Claims Management, but the people involved have been directors of a firm fined for PPI mis-selling. If you really want to wind them up, say you were mis-sold PPI by a firm called Hadenglen.

Long version:
PPI refund cold callers are annoying, and are almost always dishonest scumbags who claim that you are eligible for a PPI refund, but in fact they have no idea about who you are and nor do they have access to your financial records.

But there's more to the folks calling from 01530 561700 than meets the eye. The claims management company calling from this number is called ABC Claims Management (abc-inc.co.uk) who quote an address of:

York House
Smisby Road
Ashby de la Zouch
Leicestershire
LE65 2UG

A look at the WHOIS details gives a nearby address:

Domain name:
        abc-inc.co.uk

    Registrant:
        HADENGLEN PLC

    Registrant type:
        Unknown

    Registrant's address:
        Hadenglen House Marlborough Square
        Leicestershire
        COALVILLE
        LE67 3WD
        United Kingdom


They list the owner as Hadenglen plc. Unlike many PPI claims firms, Hadenglen knows all about PPI.. because it and its boss were fined £182,000 in 2007 for PPI mis-selling. Hadenglen is no longer authorised to sell mortgages and there is a proposal to strike it off the register at Companies House.

The telephone number is closely associated with Hadenglen; both ABC and Hadenglen share the same address of:

SMISBY ROAD
ASHBY DE LA ZOUCH
LEICS
LE65 2UG

..and of course, Hadenglen registered the domain name.

Of course, the real gotcha is that two of the directors of ABC Incorporation Ltd are Paul Butler and Richard Hayes who were both directors of.. you guessed it.. Hadenglen. Indeed, Mr Hayes was fined £49,000 for his part in the Hadenglen PPI mis-selling.

You could argue that poachers make the best gamekeepers, and the directors of a firm that was involved in PPI mis-selling might be the best people to make a claim. Or you might think otherwise. But why pay someone to do it (which could be thousands of pounds) when you can do it for free?

Update:  the scammers from ABC rang me again, and the woman calling identified the company but said she had never heard of her directors of Hadenglen.. which I very much doubt. I advised her to fuck off and leave me alone.

Saturday 29 December 2012

"How Fatima Started Islam" spam

This nasty anti-Islam email has been doing the rounds recently. I've received it several times over the past few months and decided that it was worth a closer look..

From:     Laurel Pettit [kqmdy@agenta.de]
Date:     27 December 2012 22:39
Subject:     Re: more infomation about islam

How Fatima Started Islam

A book like no other on this earth.  Not a few cartoons or an infantile movie trailer but 234 page novel which insults Islam like no other.  A parody of the always drunk proprietor of "Mohammad's Saloon & Brothel" with his completely ridiculous life exposed.  This moronic child molestating coward and fool who bumps his way through life oblivious to his manipulation as the figurehead of another new religion.  Learn about his adopted son and heir Ali, the biggest swish ever to sashay across Arabia while sadistically running Mecca's largest boy's brothel.  Only $9.99 to laugh at, mock, and ridicule those fanatics who do not enjoy being ridiculed.  A well written and extremely funny parody at Amazon.com.

http://www.amazon.com/How-Fatima-Started-Islam-Mohammads/dp/0578032902/ref=sr_1_1?ie=UTF8&qid=1339884134&sr=8-1&keywords=how+fatima+started+islam
 link to Amazon.com
https://www.amazon.com/How-Fatima-Started-Islam-Mohammads/dp/0578032902/ref
Observe the never sober Mohammad having sex with camels, pre-adolescent girls and boys, the mutilations, murders, terrorism, sneak attacks, back stabbings and mental illnesses.  Absolutely no other novel is similar.  Stick up for America by sticking it to Radical Islam.

Also: There is a subtle effort to dissuade Americans from buying or reading this parody.  The Mullahs of Radical Islam HATE the fact that we in the West can still purchase this book.  They are pressuring and threatening Amazon to stop offering the novel for sale.  They demand a world wide ban with criminal penalties under Sharia Law.  Out of 6,000,000 Amazon books "How Fatima Started Islam" has the second lowest review rating, why, because Amazon has been flooded with well over 100 negative reviews with the lowest possible rating, reviewers who openly state that they would never ever buy or read a book insulting The Prophet, yet they take the time to tell you not to read it.  The second lowest rating is a badge of honor, it shows how much the Ayatollahs of BAGHDAD and DAMASCUS and the murderous terrorist who killed our ambassador and burned our embassy in BENGHAZI  do not want you to buy HFSI. Do not let these radical tin pot madmen, who think they rule the world and everyone in it, dictate to you what you may or may not read; purchase this important, well written, and extremely funny book.

Well, they're right about one thing.. the reviews are terrible. And they're terrible because this has been spammed out on a regular basis.

But where does this spam come from? Here is the key part of the mail header:

Received: from [183.131.24.233] (port=1249 helo=mailbook.simalbok9v.com)
    by [redacted] with smtp (Exim 4.80)
    (envelope-from <kqmdy@agenta.de>)
    id 1ToM6k-0001GW-12
    for [redacted]; Thu, 27 Dec 2012 22:39:22 +0000
Received: from cpe-184-56-141-86.neo.res.rr.com (HELO cpe-184-56-141-86.neo.res.rr.com) ([184.56.141.86])
From: "Laurel Pettit" <kqmdy@agenta.de>


183.131.24.233 is an IP address in China (Zhejiang Telecom). The domain simalbok9v.com doesn't actually exist though; the mail relay was spoofing it in its HELO. But it's the address in the Received line before it that gives at least a little clue as to the sender: 184.56.141.86 is a Road Runner subscriber in Cleveland, in the US.

Alas, it doesn't tell us who it is, but it DOES tell us that it originates from within the US, and this spam is illegal under the CAN-SPAM act.

Now, I'm quite curious as to who else has looked at the headers to see what pattern there is. And I'm open to the possibility that this could be a Joe Job. But I certainly ain't gonna buy that book..

Update: the spam is still doing the rounds and is still originating from a Road Runner subscriber at 184.56.141.86, but now there is a new Chinese mail relay at 122.240.59.40.

Received: from [122.240.59.40] (port=2892 helo=mailbook.simalbok9v.com)
    by [redacted] with smtp (Exim 4.80)
    (envelope-from <crvll@fresnosheriff.org>)
    id 1Tp6dX-00071A-Qk
    for [redacted]; Sun, 30 Dec 2012 00:20:20 +0000
Received: from cpe-184-56-141-86.neo.res.rr.com (HELO cpe-184-56-141-86.neo.res.rr.com) ([184.56.141.86])
From: "Brianna Collins" <crvll@fresnosheriff.org>
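
The header comparison described in this post, as an added example (not code from the original post): it parses the two quoted header excerpts, separates the hop recorded by the receiving server from the hop the relay merely claimed, and reports what stays constant between the two mails. Function names are this example's own; Received lines below the top one are supplied by the sending side and can be forged, so a recurring upstream IP is corroboration rather than proof.

```python
import re

# Header excerpts exactly as quoted in the post (redactions as published).
SAMPLE_27_DEC = """\
Received: from [183.131.24.233] (port=1249 helo=mailbook.simalbok9v.com)
    by [redacted] with smtp (Exim 4.80)
    (envelope-from <kqmdy@agenta.de>)
    id 1ToM6k-0001GW-12
    for [redacted]; Thu, 27 Dec 2012 22:39:22 +0000
Received: from cpe-184-56-141-86.neo.res.rr.com (HELO cpe-184-56-141-86.neo.res.rr.com) ([184.56.141.86])
From: "Laurel Pettit" <kqmdy@agenta.de>
"""
SAMPLE_30_DEC = """\
Received: from [122.240.59.40] (port=2892 helo=mailbook.simalbok9v.com)
    by [redacted] with smtp (Exim 4.80)
    (envelope-from <crvll@fresnosheriff.org>)
    id 1Tp6dX-00071A-Qk
    for [redacted]; Sun, 30 Dec 2012 00:20:20 +0000
Received: from cpe-184-56-141-86.neo.res.rr.com (HELO cpe-184-56-141-86.neo.res.rr.com) ([184.56.141.86])
From: "Brianna Collins" <crvll@fresnosheriff.org>
"""

IPV4 = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
HELO = re.compile(r"\bhelo[= ]([^\s)]+)", re.I)
ENV_FROM = re.compile(r"envelope-from <([^>]*)>")
FROM_HOST = re.compile(r"^from (\S+)")


def unfold(raw):
    """Join folded continuation lines and return [(name, value), ...]."""
    headers = []
    for line in raw.splitlines():
        if line[:1] in (" ", "\t") and headers:
            name, value = headers[-1]
            headers[-1] = (name, value + " " + line.strip())
        elif ":" in line:
            name, value = line.split(":", 1)
            headers.append((name.strip().lower(), value.strip()))
    return headers


def received_hops(raw):
    """Return the Received hops top to bottom (newest first)."""
    hops = []
    for name, value in unfold(raw):
        if name != "received":
            continue
        ip, helo = IPV4.search(value), HELO.search(value)
        env, host = ENV_FROM.search(value), FROM_HOST.search(value)
        hops.append({
            "ip": ip.group(1) if ip else None,
            "helo": helo.group(1) if helo else None,   # sender-chosen name
            "envelope_from": env.group(1) if env else None,
            "from_host": host.group(1) if host else None,
            # Only the top line was written by the receiving server itself.
            "recorded_by_us": len(hops) == 0,
        })
    return hops


def name_embeds_ip(hop):
    """True when a hop's host name spells out its own IP (ISP-style rDNS)."""
    if not hop["ip"] or not hop["from_host"]:
        return False
    return hop["ip"].replace(".", "-") in hop["from_host"]


def compare(samples):
    """Show what changes and what repeats across several spam samples."""
    per_sample = [hops for hops in map(received_hops, samples) if hops]
    claimed = [{h["ip"] for h in hops[1:] if h["ip"]} for hops in per_sample]
    return {
        "relays": [hops[0]["ip"] for hops in per_sample],
        "helo_names": sorted({hops[0]["helo"] for hops in per_sample}),
        "envelope_senders": [hops[0]["envelope_from"] for hops in per_sample],
        "common_upstream": sorted(set.intersection(*claimed)) if claimed else [],
    }


if __name__ == "__main__":
    for key, value in compare([SAMPLE_27_DEC, SAMPLE_30_DEC]).items():
        print(f"{key}: {value}")
```
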

Monday 12 November 2012

Cableforum.co.uk hacked?

Cableforum.co.uk is a popular and useful UK site about digital TV and broadband. Unfortunately, the email address list has leaked out and is being used for spamming, for example:

NatWest : Helpful Banking
Dear Valued Member ;

To prevent unauthorized access to your accounts, your online service has been temporarily locked. No further log in attempts will be accepted.
This is a procedure that automatically occur when an invalid information is submitted during the log in process.
Please follow the provided steps below to confirm your identity
and restore your online access:




https://www.nwolb.com/Brands/NWB/images/backgrounds/widepod_header_bottom_purple_login.gif
    

© Legal Info – Security
© 2005-2012 National Westminster Bank Plc 


This is a standard NatWest phish. It doesn't originate from Cableforum.co.uk or its servers, but it is sent to an address ONLY used for Cableforum, so it must have leaked out somehow.

So.. dutifully I pop across to Cableforum.co.uk and (changing my password en route) find the appropriate forum. It seems that the problem has already been spotted:

Here's one example:

So I received this email today:


Quote:
Date: Fri, 2 Nov 2012 10:15:08 -0400
From: NatWest Online [helpdesk@nwolb.com]
To: [removed]
Subject: Please Review Your Contact Details!!!


Dear Valued Member ;
To prevent unauthorized access to your accounts, your online service has been
+temporarily locked. No further log in attempts will be accepted.

..etc...
The email was sent to an address I've only used to register on Cable Forum and is a series of random characters that spammers wouldn't just 'guess'. Just wondering if anyone else has had this email? 

That's odd. That's exactly the same as me. And then there's another one:

I had two emails sent to both the addresses registered here on Cable Forum. Not sure why the earlier thread was so hastily closed?
Slightly off topic, why can I not edit my email address here?
When I attempt to change it I get this: The email address you entered is already in use. If you have forgotten your password, please click here.
I have not forgotten my password, I was trying to change it as well as my email. 

These are very precise reports from people using unique sign-on addresses. You'd think that would be pretty good evidence. So, armed with that you'd expect a concerned "we'll look into it" response. But instead the replies are:

Spammers don't "pick" anything. Their software generates emails at random and, yes, that includes strings_of_gibberish @yourdomain.

This site has not sold your email address.
This site has not been hacked, cracked or compromised.

The end.

Thread closed.

and

Threads of the same topic that have been closed should not be re-opened/re-created no matter what the circumstances are.

This issue cropped up several months ago and I will repeat what was said then...

We do not believe our systems have been compromised. There was no evidence to suggest an intrusion or breach took place. If anyone has any *Strong* Evidence to suggest other wise then contact us using the contact link below.

Thank you.

which prompted a response from the original reporter:

The only spam I had was today, didn't have any earlier. I did get an explanation from the mod that closed it about how he didn't feel the thread was useful and that it would attract unwanted replies. But I think preventing people from discussing the issue stinks of a cover up (whether it is or not).

It would be much better to at least post a link to that thread, or some sort of explanation of what they think is happening rather than a dismissive knee-jerk response that it didn't happen when three people have claimed to receive the same email (and Osem says it happened before). All I want is an explanation about what happened and a promise that security of MY data is important but I don't feel like I'm getting that.

What's worse is that this isn't the first time that this has been reported. Here's another one:

Today I received a not-so-subtle phishing email pretending to come from Santander, sent to my one-off email address associated with my cableforum account. I registered my account in 2009 and it's the first time I get spam/phish on this address. I don't really care if CF was hacked since I used a unique pw/email, but maybe a warning to other users would be the polite thing to do... 

But going back even further shows this thread with a lot of evidence that an email address leak has occurred. One person who seems to know their stuff points out:

Your database has been dumped and the damage is done as far as spam is concerned
now the question is are you

1) going to stick your head in the sand and throw around accusations
or
2) man up and fix the problem 

One of the Cableforum team shows just how far they can bury their head in the sand:

But seriously, all in all, getting back to the main issue, there is about 5 people receiving it to their CF registered e-mail address and reporting it here so far. Co-incidence, yes but a very weak one.

How many people do you think use unique emails for each site? Not many. That sort of evidence is very, very strong.. especially with multiple reports. That comment got this withering rebuke:

It's not a co-incidence at all. The emails are clearly of the same content and arrived within a small interval of each other and to CF-specific registered email addresses. If you're saying this is purely by chance and that all these email addresses were just "guessed" up by some automated program, then you're in denial.

But another member of the CF team shows that they just don't understand it at all:

Given the extremely weak evidence provided and this appearing to only affect a very small number of members i.e less than 10, we do not believe that our systems have been breached and as a result we believe this to be the actions of brute force spamming.

Really? All these people with unique email addresses report the same spam. And it just gets dismissed?

But if you have the same problem.. forget it. All threads have been closed, creating new threads on the matter has been banned. In denial much?

Clearly there has been a problem for several months, although it isn't clear when such an address leak occurred or what data was taken with it. You should always assume that the passwords have been compromised and change yours, plus change it anywhere that you re-use the same password.

Sadly, crap like this happens to good websites. And the best way to deal with it is to be honest and 'fess up so that members can act accordingly. Nobody likes to think that their site has been compromised, but in this case it clearly has been to some unknown extent.

I emailed Cableforum.co.uk to advise them (since new forum threads are banned). Let's see if I get a response..

Update: and other incidents are here and here.. so this isn't really an isolated problem.

Update 2:  predictably, raising the issue just gets the thread closed with the phrase "There is nothing to discuss and I am not interested in wild theories and stupid accusations that some how there is a cover up." Which just shows that there is a cover up..

Update 3:  and what is really ridiculous is that Cableforum mods are denying it, despite the fact that their site was recently hacked. And it isn't the first time, either.
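
One way to make the "unique address per site" evidence discussed in this post checkable, as an added example (not from the original post or from Cableforum): each sign-up address carries a keyed tag, so spam arriving at it can be attributed to one site and told apart from dictionary guesses. The key, the example.org catch-all domain, the site list and all function names are assumptions of this example.

```python
import base64
import hashlib
import hmac
import re
from collections import Counter

SECRET_KEY = b"constructed-demo-key"   # assumption: a private key only you hold
DOMAIN = "example.org"                 # assumption: a catch-all domain you control
TAG_LEN = 10                           # base32 characters, i.e. 50 bits of tag
SITES = ["cableforum.co.uk", "shop.example", "news.example"]  # constructed list


def slug(site):
    """Reduce a site name to lowercase letters and digits."""
    return re.sub(r"[^a-z0-9]+", "", site.lower())


def tag_for(site, key=SECRET_KEY):
    """Keyed tag: cannot be derived from the site name without the key."""
    mac = hmac.new(key, slug(site).encode(), hashlib.sha256).digest()
    return base64.b32encode(mac).decode().lower()[:TAG_LEN]


def canary_address(site, key=SECRET_KEY, domain=DOMAIN):
    """The one address you register with at this site and nowhere else."""
    return f"{slug(site)}-{tag_for(site, key)}@{domain}"


def attribute(rcpt, known_sites, key=SECRET_KEY, domain=DOMAIN):
    """Return the site an address was issued to, or None if never issued."""
    local, _, dom = rcpt.strip().lower().partition("@")
    if dom != domain:
        return None
    for site in known_sites:
        expected = canary_address(site, key, domain).split("@")[0]
        if hmac.compare_digest(local.encode(), expected.encode()):
            return site
    return None


def guess_probability(attempts):
    """Chance that blind guessing hits one specific tag in `attempts` tries."""
    return min(1.0, attempts / 32 ** TAG_LEN)


def leak_report(recipients, known_sites):
    """Split spam recipients into issued canaries and never-issued guesses."""
    hits, unissued = Counter(), 0
    for rcpt in recipients:
        site = attribute(rcpt, known_sites)
        if site:
            hits[site] += 1
        else:
            unissued += 1
    return {"leaked_from": dict(hits), "unissued": unissued}


def constructed_recipients():
    """Constructed sample: recipient addresses seen on incoming spam."""
    genuine = canary_address("cableforum.co.uk")
    local, dom = genuine.split("@")
    last = "a" if local[-1] != "a" else "b"
    near_miss = f"{local[:-1]}{last}@{dom}"        # one character off the tag
    return [genuine, genuine, near_miss, "info@example.org", "sales@example.org"]


if __name__ == "__main__":
    print(leak_report(constructed_recipients(), SITES))
    print(f"odds of guessing one tag in 10^9 tries: {guess_probability(10**9):.2e}")
```

Spam that verifies against an issued tag points at the one site holding that address; random or dictionary guessing lands on never-issued addresses instead.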

Sunday 27 May 2012

When idiots attack

The Wikipedia article for the Ripoff Report is one of those battlegrounds that combines edits from fans of the site, scammers who have been exposed by the site who are trying to settle scores, some people with genuine grievances and concerns about the way the site operates and neutral parties just trying to keep the whole thing together.

Usually, the edits are quite small. But then someone replaced the article in this edit with the following text, which contains a number of obviously false allegations:

Ripoff Report is a privately owned and operated for-profit website founded by consumer advocate Ed Magedson. Who is a fraud star and he is also a Child molester. He used to live in Tampa, Florida, people say he is hiding now in Arizona but actually he lives out side of the USA. FBI is looking for him as well. He claims that he is the consumer advocate. In reality he is actually a communist and he does now not want to Free market to spread out. He is a real scammer and extortionist! People be care full!! The Ripoff Report has been online since December 1998 and is operated by Xcentric Ventures, LLC is a fradulent company which is based in Tempe, Arizona.[1] Ed Magedson is the site's current Editor-in-Chief.

If we want to grow Free Economy and grow America we must stop this fraudulent monster. He caused a serious damage too many good people. All he cares about his own money! He must be brought to justice!

At the same token Google, Yahoo and Bing are supporting him! He must be black listed in all search engines!

Almost all the old text from the article was deleted, and the highlighted section above added. What the heck is a "Fraud star" anyway? So who wrote this illiterate drivel? Well, Wikipedia helpfully records the editor's IP address of 74.92.194.46, which is..

Network
NetRange: 74.92.194.40 - 74.92.194.47
CIDR: 74.92.194.40/29
Name: NATIONS-WARRANTY-GROUP
Handle: NET-74-92-194-40-1
Parent: CBC-ATLANTA-6 (NET-74-92-192-0-1)
Net Type: Reassigned
Origin AS:
Customer: Nations Warranty Group (C01796119)
Registration Date: 2007-11-20
Last Updated: 2007-11-20
Comments:

Customer
Name: Nations Warranty Group
Handle: C01796119
Street: 2820 Lassiter RdC ,
City: marietta
State/Province: GA
Postal Code: 30062
Country: US
Registration Date: 2007-11-20
Last Updated: 2011-03-19
Comments:

Googling for "nations warranty" marietta is pretty revealing and it leads us to this SEC complaint from 2008 which says:

The Commission alleges that since approximately January 2008, Mikula, a recidivist securities law violator, and Craddock, acting individually or through Nations Warranty or JW&P Consulting, have used misrepresentations and omissions of material fact to offer and sell approximately $2.8 million of securities issued by Nations Warranty in unregistered transactions to approximately 120 investors.

The Complaint alleges that Mikula, operating through his wholly-owned entity JW&P Consulting, and Craddock used material misrepresentations and omissions of material facts to offer and sell short-term promissory notes issued by Nations Warranty. The notes were sold with terms of either 100 or 220 days, and promised rates of return of 4% or 5% per month, respectively. Among the misrepresentations and omissions, the defendants described Nations Warranty to investors as a profitable company when, in fact, Nations Warranty has incurred a net loss of at least $1.2 million during 2008. Defendants also claimed the Nations Warranty notes were "guaranteed" when, in fact, they were not.

Furthermore, Defendants represented that JW&P Consulting had evaluated the risks of investing in Nations Warranty notes and had found the risks acceptable. However, Defendants failed to disclose that JW&P Consulting was nothing more than Mikula himself and that Mikula had been enjoined in a Commission action in July 2007 for operating a Ponzi scheme.

As a result of this fraud, the company was liquidated. Presumably whoever posted the Wikipedia edits confuses free market economics with fraud.

Here's the odd thing.. the SEC actions took place in 2008, so why start griping four years later? There's only a single entry that I can find on Ripoff Report here, and that dates from over three years ago. Not really very current, is it? Or perhaps Nations Warranty have popped up again under a new name?

Zinio spam wastes everyone's time

I've never heard of Zinio before, but apparently they produce electronic versions of magazines or something. I've certainly never opted in to receiving mail from them, but they do seem to be a legitimate company. Presumably they bought my email address from a third party in good faith.


But the annoying thing is that if you're going to spam out advertisement emails.. well, at least check the basics.


Date:      26 May 2012 09:38:52 -0400
From:      "Zinio Digital Magazines" [zinio@pgs.zinio.com]
Subject:      Limited Time Offer: Make a purchase on Zinio and get $5 in Zinio Perks!

Exclusive Offers From Zinio! View as a web page

shop | featured | my library | tell a friend

Get Credit For Purchasing What You Love!

For a limited time, make a purchase on Zinio and get $5 in Zino Perks, good towards over 5000 digital publications!

Simply choose your favorite magazines anytime before April 30, 2012 midnight PST and receive your Zinio Perks within 72 hours.

Click here and choose from thousands of titles now!

           
National Geographic Interactive
Subscribe and Save 67%!
Buy Now

Us Weekly
Subscribe and Save 68%!
Buy Now

Harvard Business Review
Subscribe and Save 53%!
Buy Now

Maxim
Subscribe and Save 79%!
Buy Now

New Scientist
Subscribe and Save 76%!
Buy Now

Macworld
Subscribe and Save 76%!
Buy Now

Subscribe and Save 48%!
Buy Now

HELLO! magazine
Subscribe and Save 50%!
Buy Now

This email was sent to: xxxxxxxxxxxxxxxxxxx@xxxxx.xxx

We respect your right to privacy, please manage your preferences here.

Zinio LLC - 114 Sansome Street, 4th Floor, San Francisco, CA 94104


There's some horribly mangled HTML that prevents it from loading properly, but the key annoyance is that this so-called special offer expired on "April 30, 2012 midnight PST" but the email was only sent on the 26th May from an IP address of 66.150.202.2. The email is digitally signed as being from zinio@pgs.zinio.com.

Well, Zinio.. I might just pass you up on your craptastic offer.