Category: Security

Warning, links are not work safe, and added some extra characters to break the urls

Interesting, I found this in my http logs today

riversideactiongroup.org 81.177.14.41 - - [05/Jun/2007:15:35:08 -0400] "GET / HTTP/1.1" 
200 36822 "https://c4806.loladotraff.info/522567xx/" "Opera/9.00 (Windows NT 5.1; U; en)"
*** "https://c4806.loladotraff.info/522567xx/"

So I did a wget on the url and got

hey! your Link a here : Blog
Given from:
https://www.riversideactiongroup.org/

The first thing that went through my mind was the site had been hacked and was redirecting to a porn site, then I added a browsers string to wget

 
wget -U "Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-US; rv:1.8.1.4) 
Gecko/20070515 Firefox/2.0.0.4" https://

and got a screen full of html with an iframe that points to the porn I saw earlier.

So it looks like someone is creating a website that when viewed with a search bot will display a page mentioning https://www.riversideactiongroup.org but when viewed with a mainstream browser will display porn.

I am not sure why I saw the reference to the loladotraff site in the logs but makes me wonder if any real people are searching for riversideactiongroup and getting porn. I did a quick search on google, yahoo and ask but didn’t come up with anything obvious.

I have been following openID for a while now since I first heard about it on livejournal from brad.

OpenID let you use any authentication provider to prove you are who you say you are. For example if you have a livejournal account you can can leave comments on my blog using your livejournal credentials instead of having to create an account on my blog. You don’t ever give me your username and password, instead my web site would redirect you to livejournal, you enter your username and password then livejournal tells my website if it was successful or not.

Given that anyone can set up a openid server and start using it for spamming comments on blogs I think blog owners will start ranking openID servers on their trust worthiness. This could be very easy to do in the same way Real Time Block Lists (RBLs) work for spam. The end result is that blog owners can look up to see how trustworthy a site is before accepting the credentials. If an openid server is known to be used by spammers then it would get a negative number, otherwise it would have a value between 100 and 0 depending on complaints and compliments.

This opens and interesting idea. What happens if banks started offering an openID services. I know that I would be more likely to trust someone who authenticated using Bank of America compared to openid.somerandomhost.com. To get an openid account on a banking system would would require that the user would have had to open an account with them and jumped through whatever regularity hoops were required to do so.

This sounds very similar to an idea that was floating a few years back where banks would issue each user with a certificate which ther could use to prove their identity.

I mentioned this in my LJ blog, but I am still getting job spam. This time it came from jobspromogroup.com/careers.aspx and had that same id number at the end that links all of these together. 5992383. They are looking for a Web developer. This still smells like a scam.

This is a sad story on so many fronts. First that the staff in a Baltimore Best Buy are not trained well enough to know what is legal tender. Second that Baltimore County PD feel the need to hand cuff someone and drag them off for something as trivial as paying with $2 dollar bills. If the guy had resisted arrest that would be one thing. I guess in this case the guy was guilty till proven innocent. Then to suggest that “we’re all a little nervous in the post-9/11 world” is kind of silly.