The Brunch Table » security

A Cautionary Tale

Nick — Fri, 20 Apr 2007 12:37:58 +0000

Warning: don’t do a whois search using a web form on an unknown site.

Last week I was helping my aunt buy a domain name for her first web page, and I idly did a whois search for “sheilafox.com” using a page that I picked randomly out of some search results. That was a mistake. The search woke up a mysterious entity with a PO box in the British West Indies and a phone number in the Netherlands. It bought up the name that instant. Dreamhost confirms that this is a common scam.

I imagine these things must have some rules for evaluating the desirability–and therefore the ransom value–of a domain, right? Otherwise, wouldn’t they lose money buying up random losers like this?

Update: Turns out that many of these domain-purchasing bots take advantage of “free tryout” periods to evaluate a name for ad-revenue potential. Underperformers are tossed back into the sea…so if you lose a name to this kind of scam, keep whois-ing (from your own trusty terminal, of course). I recovered sheilafox.com a month later.

TSA SKU

Joe — Mon, 12 Feb 2007 02:24:37 +0000

The last time that I boarded an airplane was the very day of the alleged liquid explosives scare. (On that day we ended up just checking all our bags for simplicity’s sake.) As I’ve been packing and shopping for my first air trip since then, I’m surprised that more toiletry makers haven’t added sub-3oz TSA SKUs to their product lines by now. Even the empty plastic bottles that Walgreens had were all 4oz. Is it a conspiracy to keep people buying new supplies at their destination, or just a demonstration of how long it takes to retool the production lines? At least the plastic bag makers know what’s up:

That’s what I’m talkin’ ’bout.

Slow Disaster

Joe — Fri, 02 Sep 2005 02:52:53 +0000

I’ve been engrossed in work this week, so I’m only now realizing how badly things are going in the aftermath of Katrina. Like many others, apparently, I saw the reports that New Orleans hadn’t been completely leveled, breathed a premature sigh of relief, and went back to what I was doing.

And then the flooding began in earnest.

What surprises me most is how disorganized the official response seems to have been so far—JWZ has a good roundup. I hope there are serious political repercussions from this—this is what governments are supposed to be good for, after all.

I used to think that J. G. Ballard’s High Rise was merely a vicious satire, but then I read “Trapped in the Superdome”. (Fortunately, it does sound like they’re working on getting people out of there now.)

And once again, we see struggles over ice.

It’s unnerving to watch the fabric of civilization unravel at the edge of our country.

NYPD Flash Mobs

Joe — Sat, 31 Jul 2004 15:55:05 +0000

According to this article, the NYPD has recently been conducting odd flash mob style military parades that they’re calling “critical force surges”. Check out the similarities to the typical flash mob setup:

The dates, times and locations of these deployments are kept secret until the moment a mobilization is called over division radio frequencies. … Once all units have responded they are given specific instructions to create a presence on the street.

While these exercises do test the response speed of NYPD forces, there’s more to it than that, as described by a supposed NYPD bulletin:

The purpose is to basically intimidate those individuals who would even contemplate any kind of criminal activity and to send a message to potential terrorists that the NYPD can rapidly respond to virtually any situation.

TerrorToons

Joe — Fri, 21 Feb 2003 04:22:48 +0000

Since Homeland Security’s terror-preparedness site has generously provided us with hilarious Airtoons-like safety graphics, it’s time to go to town. Update: These things are popping up everywhere!

Survival Guide for “Weapons of Mass Destruction”

Joe — Sun, 16 Feb 2003 21:37:12 +0000

In the hopes of countering some of this duct tape hysteria, here are some hard facts on chemical, biological, and nuclear attacks. (via Boing Boing)

My Kafka-esque Amazon Hell

Joe — Sat, 11 Jan 2003 20:04:01 +0000

Like some pulp sci-fi character, I’m now trapped in the paradoxical position of having hijacked my own identity.

At some point in the past few weeks, instead of logging into my existing Amazon.com account, I somehow accidentally created a new account with the same email address, and probably the same password. I first noticed that something was up when the site stopped chummily calling me “Joe Hughes” and started using my email address. Furthermore, when I tried to add something to my wish list, I discovered that it was now empty. (I can still view, but not alter, my proper wish list by searching for myself.) In fact, this new account contains almost nothing besides my email address and password. After my first exchange with their customer service, I asked:

Why is it possible to have two accounts on one email address? In any case, could you delete the account which doesn’t have a wish list?

Their response:

Unfortunately, at this time, we will not be able to close the duplicate accounts under your email address because this extra account has no verifiable information on it.

I suppose I’ll have to have a little chat with them. I’d be tempted to just give up on them entirely, but I have some gift certificates from Christmas that I still need to cash in.

In the meantime, I’ve been enjoying my recent purchases from CD Baby immensely.

Backing Up Our Monuments

Joe — Tue, 07 Jan 2003 20:46:47 +0000

According to this AP story, the Statue of Liberty, Mount Rushmore, and the Capitol building have all been 3D-scanned. Presumably, this would make it easier to reconstruct them accurately if they were damaged by an attack. (It’s not clear to me whether the project was prompted by the Sept. 11 attacks, or whether this angle is just spin.)

Fooling Fingerprint Readers With $10 Gummi Fingers

Joe — Thu, 16 May 2002 04:51:00 +0000

Apparently, you don’t even need to cut off someone else’s finger to fool one of those high-tech fingerprint scanners–fingertip copies made of gelatin will do the job. Japanese cryptographer Tsutomu Matsumoto was able to reliably fool eleven different commercially available fingertip scanners using $10 worth of readily available materials. He was even able to use fingerprints to make gummi fingers that fooled the readers. Oops.