John Chow vs Shoemoney
By maurizio | October 15, 2007
For the first time Shoemoney is heading the competition. I was thinking that maybe he was just waiting for the last days, but instead he started to work at it now. Maybe he was just waiting to speak about it with Dllsmack.
Check the stats on my right bar. You can have it on your page by just copying the javascript that generates it.
Topics: Ramblings | 2 Comments »
Upgrade your Blog or face hate email
By maurizio | October 11, 2007
Nice title, isn’t it?
Unfortunately it’s true.
Blogging software is complicated and programmers sometimes make mistakes in it. Sometimes the problem is not the blog itself but the software that lies below it. Some of those problems can be used to gain access to your web server account. This kind of bug could be seen as a problem for the webmaster only, but that’s far from the truth. A cracker (or script kiddie, whatever you prefer to call those “hackers”) isn’t really interested in hacking your “Make Money Online” blog just to show his skills, and he’s not interested in reading your stats either. Modern crackers are interested in your database, especially user data. That’s why your readers could start sending you hate mail.
I did that myself.
If you haven’t understood yet, the interesting data in the database are the commenters’ email addresses. Do you remember the small text “not displayed” near the comments’ email address request? Well, that email address is secret and only the owner of the blog can see it. If a cracker gains access to your database, he can read all your users’ email addresses!
If you are unlucky enough to be in that situation and one of your users did a little experiment like I did, you’ll start to get email from him.
My experiment was to use a unique address for every blog where I leave a comment. I don’t write on many blogs so it’s not that difficult. I keep track of them and they are fewer than 50. A couple of days ago I started to receive email to that address, so I wrote some kind of “hate” email to the owner, asking whether he’s the spammer or whether he had some problem with the server.
If he was honest with me (and if I trust what he said) he was a victim of that defacement. Actually the victims are all those people who wrote a comment on his blog leaving their real email address.
Today I’ve received 20 spam emails to that address (they should be 10 because for some reason they were doubled. Stupid spammers).
Next time you see a security update for your blog, download it immediately.
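The unique-address experiment described above can be made systematic. The following is an added example, not code from the original post: it derives one address per blog with a keyed tag, so that a guessed address is not blamed on any blog, and maps spam recipients back to the blog that leaked them. The key, the domain `example.org` (assumed to deliver every local part to you), the blog names and the sample messages are all constructed.

```python
import hashlib
import hmac

SECRET = b"constructed-demo-key"  # assumption: a private key only you know
DOMAIN = "example.org"            # assumption: catch-all domain you control


def alias_for(site: str) -> str:
    """Address to leave in the comment form of `site`."""
    site = site.strip().lower()
    tag = hmac.new(SECRET, site.encode(), hashlib.sha256).hexdigest()[:8]
    return f"{site.replace('.', '-')}.{tag}@{DOMAIN}"


def leaked_by(recipient: str, known_sites):
    """Return the site whose alias received the mail, or None.

    A guessed address without the right keyed tag matches nothing,
    so random spam to the domain is not blamed on any blog.
    """
    recipient = recipient.strip().lower()
    for site in known_sites:
        if hmac.compare_digest(alias_for(site).encode(), recipient.encode()):
            return site
    return None


def tally(messages, known_sites):
    """Count distinct spam mails per leaking site.

    `messages` is (message_id, recipient) pairs; a mail delivered
    twice with the same Message-ID is counted once.
    """
    seen, counts = set(), {}
    for msg_id, rcpt in messages:
        site = leaked_by(rcpt, known_sites)
        if site is None or msg_id in seen:
            continue
        seen.add(msg_id)
        counts[site] = counts.get(site, 0) + 1
    return counts


if __name__ == "__main__":
    sites = ["blog-a.example", "blog-b.example"]  # constructed names
    inbox = [("<1@x>", alias_for("blog-a.example")),
             ("<1@x>", alias_for("blog-a.example")),   # doubled delivery
             ("<2@x>", alias_for("blog-a.example")),
             ("<3@x>", "blog-b-example.zzzzzzzz@example.org")]  # guessed
    print(tally(inbox, sites))
```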
Topics: Ramblings | 1 Comment »
John Chow vs Shoemoney RSS challenge
By maurizio | October 10, 2007
This week I’m so busy that I only have time to update my little table widget with the competition’s stats.
As you can see from it, John Chow is apparently in the lead with 4.5% (415 readers) while Shoemoney is just at 1.5% (170 readers).
John is winning not only by percentage, but also by sheer numbers. I think that Jeremy should start worrying.
Meanwhile I have just 35 RSS subscribers..
Subscribe to my feed, please. :D
Topics: Ramblings | No Comments »
Spam from Microsoft Live
By maurizio | October 7, 2007
Today I’m too lazy to check if I’m right or wrong so let me know if I am wrong. Let me know if I’m right too…I like feedback. :-)
Anyway, the thing is that I’ve received an email from “Microsoft”:
We received your request to reset your Windows Live password
Uhm. Very suspicious. A txt email from Microsoft? Why not the usual superbig html page? Let’s go on..
If you didn’t request that your password be reset, please follow the instructions below to cancel your request.
Phishing alert N.1! Why should Microsoft create a sequence of operations for something so dumb? If I haven’t requested it, just forget it after a while as 99.999% of other sites do. Ok, Microsoft is able to create braindead things to do, but not this time IMHO.
IMPORTANT: Because fraudulent (“phishing”) e-mail often uses misleading links, Microsoft recommends that you do not click links in e-mail, but instead copy and paste them into your browsers, as described above.
Nice suggestion! That could solve half of the phishing problem. Most phishing attempts can be solved this way because the “trick” is inside the mail, but you can have “phishing tricks” on the site too. (Check my post about Paypal spam to see what a “phishing email trick” is.) The suggestion is useless for this email because it’s plain and simple text without any kind of html or javascript in it.
Copy the following web address:
https://accountservices.msn.com/EmailPage.srf?emailid=50ace34168ea8a4
This is the tricky part. I do not use Live a lot (I’m not even sure if I’m registered with the email I’ve received the spam on) but I can imagine that the problem lies in the way Microsoft wants to use its users so much.
Microsoft is probably offering the possibility to let users send email with URLs in it. I don’t want to check, but if you have an account on Live, just look for an option that allows you to send an email with the link of the page you are watching.
That option will probably create a long link with an unreadable URL starting with a Microsoft server, like the link I’ve copied above.
That’s it! You have a link for a Microsoft service with a Microsoft URL. Of course the pages they link to are just copies of the real Microsoft pages. In fact if you dare to open them, you’ll see the links at the bottom (“Privacy”, etc.) that point to some strange URLs, always on Live. The thing is that those pages are on Users’ Accounts! Look at them.
I don’t think I’m wrong but I’d like to hear if other people got the same emails.
Topics: Ramblings | 3 Comments »

