Joseph Rosario

A fine WordPress.com site

Month: October, 2010

Stills from Kanye West’s Runaway

Earlier tonight Kanye debuted Runaway, a short film he put together for his upcoming album. The storyline is typical and the acting is amateur, but where the film does excel is in its amazing visuals:

Lazy Phisherman.

Every morning I wake up to my usual assortment of emails–a few social media updates, daily deal schedules, and the occasional follow-up email from someone that I happened to meet that particular week. But today I was excited to find in my inbox a rare gem that doesn’t usually make it through Gmail’s spam filter these days: a phishing email.

“Why are you excited about being phished?” you might ask. Really it’s because I like to think of phishing as an art form, and it is. So I like to take note of finely crafted scams, designed to steal money/information/dignity from me.

But when I opened up the email I didn’t find that. I found utter laziness:

  1. Non-spoofed email address – It’s so easy to fake your email address these days that spoofing is a must for phishing. I remember back in 2000, the first big-time phishing scam was PayPaI.com (spelled with a capital “i”). At least those guys put a little more thought into making the email look authentic.
  2. Non-personalized greeting – Not all companies use personalized greetings, but most of the big ones do (usually with your full name or account name).
  3. Non-manipulated URL link – When phishers have chosen poorly targeted domain names to direct the phishee to, the best thing to do is manipulate the link with an ‘@’ symbol. It’s an old method, but can still look to be relatively authentic.
  4. Non-working URL link – Now this is just plain stupid. The phisher here forgot to add an ‘x’ in the ‘index.html’ part of the anchor. So even if I were to try and “restore my account” by clicking on the link, I wouldn’t even be able to access the forged website.
  5. ASCII graphics – Most email templates from well-known companies use HTML templating with CSS’d images for beautified emails. Images can take a lot of resources, but at least things like the horizontal lines used in this email should be made with an ‘hr’ tag.
  6. Faux Footer – A nice authentic-looking footer helps a lot with the phishing scam. The one created here is fragmented and overly complex. A simple copy and paste from an official PayPal email would have sufficed.

  • BONUS – Upon fixing the linked URL, I discovered that the would-be forged website is not a forged PayPal site at all, but instead a link to the schedule of a Russian church. Oh, and it’s IN RUSSIAN!

There are so many things here that have led this phish to be a big #FAIL. But while I didn’t get the art-y scam I was hoping for, I did get a good laugh.

Cheers lazy phisherman!
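Items 1 and 3 in the list (the look-alike domain and the ‘@’ in a link), plus a link whose visible text names one site while its target is another, can all be checked mechanically on the receiving end. The sketch below is an added example, not part of the original post: it assumes the only brand of interest is paypal.com, and the function names, sample HTML and hosts are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

BRANDS = {"paypal.com"}  # assumption: domains this mailbox expects mail from
CONFUSABLE = str.maketrans({"I": "l", "1": "l", "0": "o"})  # look-alike -> real
# Constructed sample body; hosts are reserved example names and addresses.
SAMPLE = """<a href="http://www.paypal.com@203.0.113.7/index.html">Restore</a>
<a href="http://www.PayPaI.com/login">Log in</a>
<a href="http://schedule.example/inde.html">https://www.paypal.com/restore</a>
<a href="https://www.paypal.com/help">Help</a>"""

class AnchorCollector(HTMLParser):  # gathers (href, visible text) per <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def is_brand(host, brand):
    return host == brand or host.endswith("." + brand)

def check_link(href, text=""):
    """Return findings for one anchor, given its href and visible text."""
    parts, findings = urlsplit(href), []
    host = parts.hostname or ""  # lower-cased, userinfo and port removed
    raw_host = parts.netloc.rsplit("@", 1)[-1].split(":")[0]  # case kept
    if "@" in parts.netloc:
        findings.append(f"userinfo before '@', real host is {host}")
    folded = raw_host.translate(CONFUSABLE).lower()
    for brand in (b for b in BRANDS if not is_brand(host, b)):
        if is_brand(folded, brand):
            findings.append(f"host {raw_host} imitates {brand}")
        if brand in text.lower():
            findings.append(f"text names {brand}, link goes to {host}")
    return findings

def scan_html(body):
    """Map each flagged href in an HTML body to its findings."""
    collector = AnchorCollector()
    collector.feed(body)
    return {h: f for h, t in collector.links if (f := check_link(h, t))}
```

Calling `scan_html(SAMPLE)` flags the first three links and leaves the genuine paypal.com one out. The look-alike check only works while the original letter case survives, so run it on the raw message rather than on a normalised copy.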

Behind the office, after work.

Going for a run.

I found a sneak peek of GoogleTV.

There’s something magical about the balance of a crispy baguette with soggy interior.

Slow and Low. That is the Tempo.

Run 10.06.2010

Not a performance to be proud of by any means, but it’s nice to start running on the city streets again. FYI, I’m still breaking in my Vibram Five Fingers as well.

Every friggin’ time…

In my neighborhood, garbage cans mean it’s the start of another week.
