Monday, October 25, 2010

RSA Conference & BankInfoSecurity.com send Illegal Spam Through Lyris

I'm a big fan of BankInfo Security and their sister site GovInfo Security. So, colour me chagrined when I recently was spammed about the RSA Conference in February to my CAUCE.org address (that'd be the Coalition Against Unsolicited Commercial Email!) and a brief investigation turns up that ismgcorp.com is behind the spam run.

What makes this noteworthy is two-fold.

The reply-to address, education@ismgcorp.com, bounces, and the spam ended with this very special line:

"This is a one-time, opt-in mailing. No unsubscribe action necessary."


Wow. If I were an American ISP I might be in a position to sue RSA and ismgcorp.com under CAN-SPAM - every email must have an unsubscribe facility contained within.

I've escalated this to contacts at both Lyris (elabs6.com) and BankInfo Security. Shame on them, and the RSA Conference, for allowing this to happen.

Here are the headers for those of you curious about this misdeed:
Received: by 10.216.29.149 with SMTP id i21cs81004wea;
       Wed, 20 Oct 2010 07:14:29 -0700 (PDT)
Received: by 10.229.213.200 with SMTP id gx8mr6537880qcb.89.1287584068489;
       Wed, 20 Oct 2010 07:14:28 -0700 (PDT)
Return-Path:
Received: from gal.iecc.com (gal.iecc.com [64.57.183.53])
       by mx.google.com with ESMTP id g11si642719qcq.40.2010.10.20.07.14.27;
       Wed, 20 Oct 2010 07:14:28 -0700 (PDT)
Received: (qmail 82494 invoked by uid 1014); 20 Oct 2010 14:14:27 -0000
Received: (qmail 82492 invoked by uid 1014); 20 Oct 2010 14:14:27 -0000
Delivered-To: MUNGED@cauce.org
Received: (qmail 82489 invoked from network); 20 Oct 2010 14:14:27 -0000
Received: from ismgcorp.com ([208.66.206.171])
 by smtp.abuse.net ([64.57.183.109])
 with ESMTP via TCP id 158093424; 20 Oct 2010 14:14:23 -0000
Return-Path:
Received: from [10.0.6.54] ([10.0.6.54:37460] helo=mail4.elabs6.com)
    by mta04.l3s.lyris.net (envelope-from )
    (ecelerity 2.2.2.45 r(34222M)) with ESMTP
    id 55/A1-25964-A29FEBC4; Wed, 20 Oct 2010 07:14:02 -0700
To:
Subject: =?utf-8?Q?Early=20Bird=20Rate=20Ends=20November=2019=20for=20Premier=20Security=20Conference?=
Date: Wed, 20 Oct 2010 07:14:02 -0700
X-Delivery: Custom 12345965
Reply-To: education@ismgcorp.com
List-Unsubscribe:
Content-description: 05c68c57a6MUNGED@cauce.org!670d!c13a7!bc626d!rynof6.pbz!
X-Complaints-To: abuse@elabs6.com
Message-Id: <20101020141403.05C68C57A626@elabs6.com>
MIME-Version: 1.0
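
A header triage like the one described in this post, as an added example (not part of the original post): it walks the Received chain to find where the message left the sender's private network and checks whether the message offers a real opt-out mechanism rather than just mentioning the word. The sample is constructed from the header lines above; the function names are this example's own.

```python
import email
import ipaddress
import re

# Constructed sample: a subset of the header lines shown above (fields that
# are blank on this page stay blank) plus the footer line quoted in the post.
SAMPLE = """\
Received: from gal.iecc.com (gal.iecc.com [64.57.183.53])
       by mx.google.com with ESMTP id g11si642719qcq.40.2010.10.20.07.14.27;
       Wed, 20 Oct 2010 07:14:28 -0700 (PDT)
Received: from ismgcorp.com ([208.66.206.171])
 by smtp.abuse.net ([64.57.183.109])
 with ESMTP via TCP id 158093424; 20 Oct 2010 14:14:23 -0000
Received: from [10.0.6.54] ([10.0.6.54:37460] helo=mail4.elabs6.com)
    by mta04.l3s.lyris.net (envelope-from )
    (ecelerity 2.2.2.45 r(34222M)) with ESMTP
    id 55/A1-25964-A29FEBC4; Wed, 20 Oct 2010 07:14:02 -0700
Reply-To: education@ismgcorp.com
List-Unsubscribe:
X-Complaints-To: abuse@elabs6.com

This is a one-time, opt-in mailing. No unsubscribe action necessary.
"""

IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})[\]:]")
LIST_URI_RE = re.compile(r"<(?:mailto:|https?://)[^>\s]+>", re.I)
MECHANISM_RE = re.compile(r"https?://\S+|mailto:\S+|[\w.+-]+@[\w-]+\.[\w.-]+", re.I)
OPTOUT_RE = re.compile(r"unsubscribe|opt[- ]?out", re.I)

def relay_ips(msg):
    """Sending-side IP of each Received hop, newest hop first."""
    ips = []
    for value in msg.get_all("Received", []):
        flat = " ".join(value.split())  # unfold continuation lines
        sender = re.split(r"\sby\s", flat, maxsplit=1)[0]
        match = IP_RE.search(sender) if sender.startswith("from") else None
        if match:
            ips.append(match.group(1))
    return ips

def audit(raw):
    """Summarise who handed the mail over and whether it offers an opt-out."""
    msg = email.message_from_string(raw)
    # Oldest hop with a routable address. Hops recorded before your own
    # trusted relays can be forged, so treat this as a lead, not proof.
    public = [ip for ip in reversed(relay_ips(msg))
              if not ipaddress.ip_address(ip).is_private]
    optout_lines = [l for l in msg.get_payload().splitlines() if OPTOUT_RE.search(l)]
    return {
        "origin_ip": public[0] if public else None,
        "reply_to": msg.get("Reply-To"),
        "complaints_to": msg.get("X-Complaints-To"),
        # RFC 2369: the header must carry a <mailto:> or <http(s)://> URI.
        "list_unsubscribe_ok": bool(LIST_URI_RE.search(msg.get("List-Unsubscribe", ""))),
        # Mentioning the word is not enough; a line must give a link or address.
        "body_optout_ok": any(MECHANISM_RE.search(l) for l in optout_lines),
    }
```

Calling `audit(SAMPLE)` reports 208.66.206.171 as the first routable hand-off, abuse@elabs6.com as the complaint address, and no usable opt-out in either the header or the body.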

Epic Facebook Ad Fail

I guess it is too much to ask to spell-check your ad for counterfeit sports memorabilia

Sunday, August 08, 2010

How Dumb Do You Have to be to Respond to Spam?

Really, really dumb, apparently.

I just received the following spam (n.b. the 'confidentiality notice' which disallows me from posting it here!!)


Dear Neil,

As you know, you have been considered for inclusion in the upcoming 2010 Edition of Strathmore's Who's Who for Executives and Professionals, which is scheduled for publication in late 2010. Despite our efforts to contact you, we have still not received your contact information.

To reply with your contact information, please visit here.


Strathmore's Who's Who, publisher of over 350,000 biographies, continues to uphold its reputation as the world's foremost source for biographical reference, with an unmatched dedication to accurate biographical reporting.

The publication's editors are now assembling the biographical profiles of today's leaders from a wide range of professional fields into one comprehensive collection. Thousands of researchers at medical, academic, public and corporate libraries, as well as journalists and media professionals, rely upon Strathmore's Who's Who as a daily reference tool for obtaining information about the world's most experienced men and women. Inclusion in our directory is considered by many as an important mark of achievement.

You have already been selected based on your current professional standing. The information you provide will be evaluated according to the selection criteria Strathmore's Who's Who has developed over many years as the world's premier biographical publisher. If your data passes our initial screening, we will prepare your biography.

Please remember: Inclusion of your biography in Strathmore's Who's Who carries neither cost nor commitment on your behalf. Our goal with each new edition is to prepare biographies spanning the spectrum of noteworthy and accomplished men and women across all areas of the professional world.

To be considered for inclusion in this prestigious registry, you need only provide the requested information by completing our online biographical data form.

To verify your profile and accept the candidacy, please visit here.

I congratulate you on the achievements that have brought your name to the attention of our editorial committee. I look forward to hearing from you.

Sincerely,
J.M. Blakely
Vice President, Research Division

Strathmore's Who's Who
26 Bond Street
Westbury, NY 11590, USA

Confidentiality Notice: This e-mail communication and any attachments may contain confidential and privileged information for the use of the designated recipients named above. If you are not the intended recipient, you are hereby notified that you have received this communication in error and that any review, disclosure, dissemination, distribution or copying of it or its contents is prohibited. If you have received this communication in error, please delete the communication and unsubscribe from the mailing using the options available in this email.

Clicking through to their landing page at http://www.eliteprofessionalregistry.com/ I get to enter all of my personal information. Now, I have to ask myself, if I have "already been selected based on your current professional standing", don't they already know my name, industry, and personal specialty, which happens to be spamfighting?


Could this be a mere pitch to sell me their crappy directory? You bet.

Sunday, May 09, 2010

More on the 'rockstar' thing

Seriously, now we are seeing ninjas, rockstars and most lately, stormtroopers in the marketing community.

If you fancy yourself a rockstar, ask yourself this : Have you ever mistaken a plate of heroin being circulated around the room for cocaine? Has a 14 year-old girl threatened her mother that she would run away from home unless she let her go fuck you at your hotel? Did you furnish mom's home afterwards? Have you pee'd on a 14 year-old girl recently? Married one who happens to be your cousin? Shot your car with a handgun while blasted out of your mind on PCP? Lost your right drumming arm in a drunken car crash? Over-dosed, ever? Died from an overdose, ever?

I'm thinking that most marketers want to be rockstars, in theory, but are far too public-image conscious to be Jimmy Page, or Jerry Lee Lewis, or James Brown. Being a rockstar would get their pant suits dirty.

Thursday, April 22, 2010

The "prophet" Muhammad in a bear suit



http://news.bbc.co.uk/2/hi/entertainment/8636455.stm

The radical Islamist assholes at Revolution Muslim told South Park's Matt Stone and Trey Parker they would "probably wind up like Theo Van Gogh". The Dutch film-maker was shot and stabbed to death in 2004 by an Islamist angered by his film about Muslim women.

revolutionmuslim.com are cowards; they have domain privacy in place to hide themselves, and the website is currently down. However, Google cache has some contact information:

Phone Number: (212) 203-7606 or (718) 312-8203
E-Mail: revolutionmuslim@gmail.com

Here's what Muhammad looks like when he isn't in a bear suit

Friday, April 16, 2010

What passes for shocking

The Register today reports that a photo shoot promoting the latest Shrek oeuvre, 'Forever After', went awry, with the inclusion of scantily clothed young things amidst cartoon (well, CGI) characters.

Apparently Paramount and Dreamworks somehow didn't NIX the release of the shoot; they note they won't be suing, but did voice their concern. Please. They own the likenesses and could easily pull the plug. Sounds more to me like this tepid attempt at publicity wasn't getting any coverage, and Paramount hoped to give it a bump. Check it out here to see how tame this 'controversial' set of pictures really is.

Paramount and Dreamworks would have done well to take a page from famous non-stars from the reality t.v./straight to video movie world, perhaps having Shrek pull a Lilo, and flash his genitals at paparazzi after being hauled drunk from a club, or perhaps Princess Fiona could have taken the Tila Tequila route, and released 'I Fucked the D.J.' to attain a level of infamy by promoting bare-back sex.

I've included a helpful link for those of you not fully familiar with this latter think piece.

Tuesday, April 13, 2010

Misuse of the language pt. #372: "Rock Star"

"Rock Star" is a ubiquitous phrase these days. So as to clarify what the term means, we offer the following by way of definition:

Rock Stars


Not Rock Stars



Rock Star


Not Rock Star




Rock Star


Former Rock Star, now Not Rock Star

Wednesday, April 07, 2010

Definition of a consumer

consumer - something the size of a baby hippo, the color of a week-old boiled potato, that lives by itself, in the dark, in a double-wide on the outskirts of Topeka. It's covered with eyes and it sweats constantly. The sweat runs into those eyes and makes them sting. It has no mouth... no genitals, and can only express its mute extremes of murderous rage and infantile desire by changing the channels on a universal remote. - William Gibson

Stolen from Cory Doctorow's piece on iPads


This is why we at CAUCE are careful to refer to people as end-users, email users, recipients, subscribers, and so on; anything BUT a consumer!!

Sunday, April 04, 2010

Safe Porn + Safe Web surfing

As de facto resident anti-abuse/computer security guy for my friends and family, someone recently asked me for advice about which porn sites were safe to browse.

While I can't answer specifically (everyone's tastes differ), I can say this:

Use Firefox to browse; you can download it at http://getfirefox.com

Then (and this is important) download the following plugins:

Netcraft Toolbar
Web of Trust
McAfee SiteAdvisor

(Use the Firefox 'addons' menu under Tools, press 'get addons', then 'browse all addons', then use search.)

Of course, always make sure your operating system is kept up to date (you should have your update checker set to do so automatically, daily), as well as all your other software.

Run anti-virus and anti-spyware software (preferably two programs for each, if possible) and keep THEM up to date; check for new updates hourly if your program lets you.

One great way to keep software up to date is by using Versiontracker.com - you can pay $30/year and it checks everything on your hard drive and updates it automatically.

Never install plugins offered to you by a porn website (instead, install Adobe Flash, Quicktime, Realplayer and so on directly from their respective websites ONLY)

Never click on porn advertised by spam. Good porn doesn't need spam to advertise it.

Happy Surfing!

Tuesday, March 30, 2010

Grow a pair

If you wish to see your comments posted here, use your real name and a functional email address and blogger account. A spell check would be nice too. Anonymous posters will be presumed to be as spineless and irrelevant as their verbiage.

Sunday, March 14, 2010

Dog Abuse at J.R.'s Dog Training

This 'man', Joe Rosen, of J.R.'s Dog Training, located in Montreal, Quebec


Held this dog



2 feet off the ground with this choker chain



His idea of 'off-leash training' is to use the choker chain as well. Except, he threw the chain at the dog's face.

Wednesday, March 03, 2010

I'm a wanted criminal

The Quebec Justice Dept. is filing to have an arrest warrant issued for me. Called them to see why. Apparently some evil parking at the airport (I take taxis, ergo impossible) and driving without insurance (dead stupid, since I got receipts dating back to 1998).

The nice lady from Justice, one Jennifer Boisclair, contacted at 14:14 02/mar/2010 assures me she will get back to me. Uh-huh. How about you get in touch with your IT department and fix your database??

The funny bits are the paper here says they attempted to do a property seizure (also not true, if they had, I would have gladly handed over my near-dead car. Anyone willing to pay me for this thing is ... much appreciated).

Interested to see how this plays out. Who here will bail me out? Anyone? Bueller? BUELLER???

UPDATE: I called today (15/mar/2010) since Ms. Boisclair hadn't gotten back to me as promised. She is on vacation, and her colleague told me she saw no backing documentation received as yet. I just can't go back to prison, again.

Saturday, January 16, 2010

Charity Resources

UPDATE - Outbound IPs

World Food Programme
64.62.200.42

American Red Cross
66.45.103.41

Compassion International
208.85.48.45

UNICEF
66.45.103.47

David Harley, the Director of Malware Intelligence at ESET, passed on the following resource URLs:

http://www.eset.com/threat-center/blog/2010/01/14/haiti-help-resources
http://www.eset.com/threat-center/blog/2010/01/16/haiti-more-resources
http://jeffdebrosse.wordpress.com/2010/01/15/haiti-info-and-update/
http://avien.net/blog/?p=349
http://avien.net/blog/?p=359

Helping Haiti - The Email Community Response















It is inconceivable that anyone within viewing distance of a television or computer screen this week doesn't know about the disaster in Haiti. As of this writing, 50,000 bodies have been collected from the streets of Port-au-Prince. Millions of people, a number our brains simply aren't equipped to deal with, are now homeless.

Help is needed now, and will be, for a very long time.

In response, the immediate and continuing outpouring of generosity from individuals, companies and organizations, and governments has been astounding.

The outpouring has relied on the Internet and mobile phones to facilitate donations.

And, along with it, came scum attempting to defraud people with fake charities, posting links to Twitter and the inevitable spammed campaigns.

Another matter that may be interfering with the ability of charities and relief organizations to do their work is spam filters and blacklists. Unfortunately, the reality is that some charities are better at fund-raising and helping people than following email best practices, and despite the fundamental nature of their work, their IPs have ended up blocked, or they are not getting the delivery they need, particularly at this time of crisis.

So, what can we do as a community to assist them?

RECEIVERS, FILTERING SERVICES & DNSBLs
Please whitelist the IPs (and domains) of any charity known to be assisting in the Haitian relief effort.

Yes, I know, they might be sending lousy mail streams, lots of bounces, trap hits, etcetera. I suggest that for the next while, for whatever period of time you are comfortable, you turn a blind eye to that. Instead, please cast wide-open eyes to the big picture. People, human beings like you and me, need the world's help, and you can play an integral part in that effort.

SENDERS
If you are an ESP or ASP that is handling traffic for charities or other agencies involved in the relief effort, drop me an email to spamfighter@gmail.com and I will list them here, so others can use that information.

RESEARCHERS
I have a long list of charities, gleaned from a few trusted sources. If you can spend a little time digging around to find outbound IPs to add to the list, that would be great. Again, spamfighter@gmail.com

ANYONE & EVERYONE
If you can think of anything beyond these measures I've suggested, I'm all ears and would happily post it here. And, of course, please donate money. I know times are tough, many of our colleagues are hard-pressed, laid-off or even fired, so those of us who can afford it, please be extra-generous in your cash donations.

Thanks for considering being a part of this. The Haitian motto, on their flag, is "L'union fait la force": Unity is strength. Let's pull together to make this happen.

UPDATE: Steve Atkins from Word to the Wise has some great points of clarification to make. Bottom line, receivers should be checking authentication of sending domains and IPs in some fashion, be it a DNS-based whitelist, or IP-or-domain level authentication. Senders should be wary of any new Haitian aid entities that suddenly spring up.

Here's what he said, in full:

But don't misread Neil's suggestions as a request to give spam that claims Haiti as an excuse, or claims to be from a legitimate charity a free pass.

Legitimate charities are having their web presence advertised heavily on television and online, they're not relying critically on email spam to get donations right now. And mail to their long term subscribers is probably going to be delivered just as well, or poorly, as it was last month.

On the other hand, there's a lot of scams out there claiming to be Haiti charity related. And viruses. And probably phishing, though I've not seen that myself yet.

If anything, I'd expect the legitimate charities to not want ISPs and filtering companies to give Haiti-related spam a pass, as it's less likely that their legitimate communication will be buried under the scams, viruses and junk. Someone who has sent $50 to a scam is unlikely to send another $50 to the legitimate charity. Especially do not whitelist or exempt from filtering their domains unless you're actually validating that the mail is really from them in some way, as some of the bad mail is claiming to be from legitimate domains too.

And if you're an ESP, don't believe any new client that's claiming to be a Haiti relief charity, unless you check them out more deeply than your normal due diligence.


Cheers,
Steve
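
One way a receiver could apply the point above, validating that mail really comes from a charity before exempting it from filtering, as an added example (not code from the post or from Steve): the IP set is the outbound list published on this page, while `MY_AUTHSERV_ID`, `charity.example` and the function names are hypothetical.

```python
import ipaddress
import re

# Outbound IPs from the "UPDATE - Outbound IPs" list on this page.
CHARITY_IPS = {"64.62.200.42", "66.45.103.41", "208.85.48.45", "66.45.103.47"}
# Hypothetical values: this receiver's authserv-id and one allow-listed domain.
MY_AUTHSERV_ID = "mx.receiver.example"
CHARITY_DOMAINS = {"charity.example"}


def parse_authres(value):
    """Parse an Authentication-Results value into (authserv_id, results)."""
    prev = None
    while prev != value:  # strip comments, innermost first
        prev, value = value, re.sub(r"\([^()]*\)", " ", value)
    parts = [p.strip() for p in value.split(";")]
    authserv_id = parts[0].split()[0].lower() if parts[0] else ""
    results = []
    for part in parts[1:]:
        tokens = part.split()
        if tokens and "=" in tokens[0]:
            method, result = tokens[0].lower().split("=", 1)
            props = dict(t.split("=", 1) for t in tokens[1:] if "=" in t)
            results.append((method, result, props))
    return authserv_id, results


def domain_of(identity):
    return identity.rsplit("@", 1)[-1].lower().rstrip(".")


def may_exempt(connecting_ip, authres_headers):
    """True only when the sender is verified as an allow-listed charity."""
    # 1. IP-level: the address our own MTA saw on the SMTP connection.
    if str(ipaddress.ip_address(connecting_ip)) in CHARITY_IPS:
        return True
    # 2. Domain-level: a pass recorded by our own MTA. Headers carrying any
    #    other authserv-id may have been written by the sender and are ignored.
    for header in authres_headers:
        authserv_id, results = parse_authres(header)
        if authserv_id != MY_AUTHSERV_ID:
            continue
        for method, result, props in results:
            if result != "pass":
                continue
            if method == "spf":
                ident = props.get("smtp.mailfrom") or props.get("smtp.mail", "")
            elif method == "dkim":
                ident = props.get("header.d", "")
            else:
                continue
            if domain_of(ident) in CHARITY_DOMAINS:
                return True
    return False
```

An SPF pass covers the envelope sender only, so a stricter policy would also require the visible From: domain to match the authenticated one.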

Saturday, January 02, 2010

Lou Dobbs comes out of the closet as affiliated with Bill O'Reilly, Spams

This just in from Lou Dobbs, to whom I never gave my email address. Complaints sent to noxsolutions.com, alchemy.net, billoreilly.com, and loudobbs.com

From: Lou Dobbs
Subject: I'm Looking Ahead to an Important Year
Date: January 2, 2010 3:54:53 AM EST
To: Neil Schwartzman
Received: by 10.142.157.12 with SMTP id f12cs1033423wfe; Sat, 2 Jan 2010 00:52:26 -0800 (PST)
Received: by 10.220.121.143 with SMTP id h15mr6137490vcr.55.1262422345174; Sat, 02 Jan 2010 00:52:25 -0800 (PST)
Received: from gal.iecc.com (gal.iecc.com [208.31.42.53]) by mx.google.com with ESMTP id 28si46909341vws.112.2010.01.02.00.52.24; Sat, 02 Jan 2010 00:52:25 -0800 (PST)
Received: (qmail 81148 invoked by uid 1014); 2 Jan 2010 08:52:24 -0000
Received: (qmail 81146 invoked from network); 2 Jan 2010 08:52:24 -0000
Received: from mail2.billoreilly.com (mail2.billoreilly.com [66.186.16.141]) by mail1.iecc.com ([208.31.42.56]) with ESMTP via TCP id 116769523; 02 Jan 2010 08:52:22 -0000
Received: from noxweb7 ([10.1.2.65]) by mail2.billoreilly.com with Microsoft SMTPSVC(6.0.3790.3959); Sat, 2 Jan 2010 00:52:19 -0800
Return-Path:
Return-Path: newsletter@loudobbs.com
Received-Spf: neutral (google.com: 208.31.42.53 is neither permitted nor denied by best guess record for domain of newsletter@loudobbs.com) client-ip=208.31.42.53;
Authentication-Results: mx.google.com; spf=neutral (google.com: 208.31.42.53 is neither permitted nor denied by best guess record for domain of newsletter@loudobbs.com) smtp.mail=newsletter@loudobbs.com
Message-Id: <544502092.21411262422493019.javamail.system@noxweb7>
Mime-Version: 1.0
Content-Type: text/html; charset=Cp1252
Content-Transfer-Encoding: quoted-printable
X-Mailer: Nox Solutions Mail 2.1.0
X-Originalarrivaltime: 02 Jan 2010 08:52:19.0164 (UTC) FILETIME=[E41169C0:01CA8B88]