More Junkmail from Bob!

Tuesday, March 29, 2005, Number 170
Important Stuff


Phishing Weather

I regularly get spam asking me (or "requiring" me) to logon to a bank web site and verify my account information. The email appears to have come from a legitimate bank. The web page it refers me to is a copy of the bank's page, complete with original graphics. It looks like the original page.

When people do enter their personal information on a web page like this, bad guys get hold of it and try to take your or other banks' money. The people who collect the personal and financial information from these fake web sites often sell it to others more accomplished in financial scamming.

It's easy not to get caught in these scams -- just don't even enter personal or financial information on a site you click on in an email. Even though the text of the email might say "schwab.com," you may actually be routed to a reprehensible site such as 65.70.73.69 or 209.30.112.226.

Yesterday I got an email with the subject "Your Monthly Ameritrade Electronic Statement." This was a legitimate email with a link to the Ameritrade page. At the Ameritrade page, you're asked for a user ID and password.

Being warped as I am, I happened to think how easy it would be to make a fake Ameritrade login page, and then send out a few million emails with a subject "Your Monthly Ameritrade Electronic Statement" and a link to my fake page. I could probably get several hundred Ameritrade user IDs and passwords. I could even have the site forward you to the real site after one attempt at logging in. That way, everybody would assume they just mistyped the password and would never know they'd been to the wrong site. It would be particularly effective if I spammed everyone one day before the real notices come out.

And if I thought of this, someone else will (if they haven't already).

How do you know where a link really goes to in an email? It's hard to tell. Sometimes the link address is not the same as the one in the text. This is true even for semi-legitimate emails, which often include information identifying the addressee of the email (you) and which email message was successful in getting you to click.

Some of the less legitimate emails will insert the legitimate link into the address line of your browser, even though the page your browser is showing is a different, fake web site.

Most of the emails that do this are in html form. In Outlook 98, and with most email programs with the possible exception of Outlook Express, you can display the source text of an html email. Inside that you can find the link, although sometimes it is disguised pretty well. For example, instead of...

   https://wwws.ameritrade.com/cgi-bin/stmtnow_login.cgi

...it might show something like this:

   https://wwws.ameritrade.com.3508433122/cgi-bin/stmtnow_login.cgi

What is 3508433122? You can put the IP address in the address line of a browser and go directly to that web site. For example, 209.30.112.226 takes you to xpda.com. But you can also use 3508433122 for the URL. This is 209*256^3 + 30*256^2 + 112*256 + 226. If you put 3508433122 into the address field of your browser, it should take you to xpda.com. So the link above would take you to a page in xpda.com, if I had bothered to make the page.

Anyway, it is safer to use a link in your favorites when you get an email notice of a monthly bank or brokerage statement. When you follow an email link, you might be going somewhere new and exciting. That may not be a good thing when it comes to finances.

I will not enter any personal financial information, including passwords, whenever I follow an email link. If I really want to go to that site, I'll find it in my favorites or just retype the URL.


Submarine Crash

On January 8, the Los Angeles fast attack sub USS San Francisco was cruising along at high speed about 500 feet under the Pacific. Then it hit an undersea mountain. Joseph Ashley was killed when he was thrown about 20 feet and hit his head on a pump. 23 others were injured. The submarine is now in dry dock at Guam.

      Details

The Captain Mooney was relieved of command and reprimanded. "Several critical navigational and voyage planning procedures were not being implemented aboard San Francisco. By not ensuring these standard procedures were followed, Mooney hazarded his vessel."

Last week, six others were cited for putting the ship into danger or dereliction of duty, and received demotions and/or letters of reprimand.

The submarine took a lot of damage. It's hard for me to believe that it didn't sink. Here it is in dry dock on January 27:

      050127-N-4658L-030      050127-N-4658L-015

The USS San Francisco being towed into Guam, January 26:

      050126-N-4658L-063


Misinformation

Guess what? The Transportation Safety Administration (TSA) misinformed the public about collecting personal data on airline passengers. Again.

I give up! They can have every piece of information I own, just stop lying about it!!!

      http://www.cnn.com/2005/TRAVEL/03/25/passenger.privacy.ap/index.html

They made false denials of data transfers to the public and to Congress, but according to this report they didn't break the law:

      http://xpda.com/junkmail/junk170/OIGr-05-12_Mar05.pdf

Let's see... this report on the TSA was done by the Department of Homeland Security. The TSA is part of the Department of Homeland Security. So the organization was reporting on itself for lying. Why would anybody question the results of that report?

      http://www.wired.com/news/privacy/0,1848,67031,00.html

Luckily, the TSA has put a stop to the misinformation. Now, instead of saying they won't ever look at passenger personal information, they announced they are requiring all airlines to give them all data on all passengers. This is primarily because people who fly on airplanes are terrorists.

Congress, in their infinite wisdom, recently gave the TSA 10 criteria to meet before implementing the passenger information system, called Secure Flight this week. The TSA met one -- establishing an oversight committee. They haven't quite gotten to developing redress procedures for passengers to correct erroneous information if they've been unfairly or incorrectly singled out for scrutiny on a watch list; conducting tests to measure the accuracy and efficacy of data used to screen passengers; establishing oversight policies for who can access data and how they can use it; ensuring that data is secure from outside intrusions or manipulation; or establishing privacy safeguards to preserve passengers' rights. Or the others.

TSA Spokesman Nico said, "We are on schedule." I think I heard that about Iraq once, also.

      http://www.wired.com/news/privacy/0,1848,67042,00.html


AUV

Unmanned aircraft are called UAV's, or Unmanned Aeronautical Vehicles. Unmanned Submarines are called AUV's, or Autonomous Underwater Vehicles.

I've read about others, but the Spray is unique. It's mostly Orange. It has a range of 3500 miles. It's 6 feet long, has a 4-foot "wingspan," and weights 112 lbs.

      spray

There have been several Spray AUV's built. They've been operating for most of the millennium. They are essentially undersea gliders. They move forward at about 1/2 knot by descending and ascending in the water. A battery powered hydraulic pump changes the ballast (or volume) to float or sink the Spray, and the wings are used to glide forward. Each down-up cycle covers around 4 miles.

Each wing of the Spray has a GPS and Iridium antenna. As the Spray approaches the surface, it rolls 90 degrees to lift a wing out of the water for communications. Using the wings for antennas reduces drag. Both wings have antennas, in case one is damaged. In fact, once a wing was damaged when a Spray AUV was hit by an errant surface vessel.

      http://spray.ucsd.edu/

      http://www.whoi.edu/mr/pr.do?id=3600

      http://www.whoi.edu/mr/pr.do?id=1758


Books for Sale

A guy named Charles got a job at the Tigard Public Library in Oregon. Then he checked out some books and videos. Then he logged them as "returned." Then he sold them on the internet. After about 1000 books and videos, Charles went to jail.


A Study has Shown...

Two researchers, Richard and Herbert, from the Florida Institute of Technology and Boston-based Security Innovation Inc., presented a report at the RSA computer security convention in San Francisco last month. The report said that Windows is more secure than Linux.

And by the way... Microsoft funded the study. They forgot to mention that at the conference.

      http://seattlepi.nwsource.com/business/217538_msftstudy25.html


VoIP Tapping

The FCC has decided to extend wiretapping regulations from telephones to cover VoIP conversations. VoIP is Voice over IP, where you can talk over the internet.

I saw the headlines and assumed they were protecting me from eavesdropping. But then I was always kind of naive. The FCC has decided that all providers of broadband or Internet phone service must provide police with backdoors for wiretapping access.

It makes me feel safe!

      http://www.voip-news.com/art/3y.html


Deep Impact

Deep Impact is on its way to crash into the comet Tempel 1 on July 4, 2005. The telescope is a little out of focus, but everything else looks good.

      http://www.nasa.gov/home/hqnews/2005/mar/HQ_05086_deep_impact.html

Deep Impact was launched on January 12.

      05pd0131


Corn Genetics

Genetically modified corn is on the loose! That's OK with me, though. I prefer the better corn and cheaper food prices.

      http://www.nature.com/news/2005/050321/full/nature03570.html


Pork Barrel Roads

Walmart is planning to get a new road. The U.S. House of Representatives has approved $37,000,000 for widening and extending the Bentonville, AR street that provides access to Walmart headquarters. I'm glad I can help!

      http://www.msnbc.msn.com/id/7294560

Those guys in Arkansas just can't compete with Boston, though. Boston got $14,600,000,000 for a tunnel, some roads, and a nice park or two. And the tunnel leaks!


Venezuela

Venezuela is a country in Northern South America:

      http://xpda.com/junkmail/junk170/central_america.pdf

Venezuela exports a lot of oil. 13.5% of U.S. petroleum imports came from Venezuela in 2004, ranked behind Canada, Saudi Arabia, and Mexico. That number has ranged between 11% and 18% in the past several years. The U.S. buys around 60% of Venezuela petroleum exports.

China has been investing in Venezuela lately, competing with the U.S. for Venezuela's oil exports.

      http://www.latinpetroleum.com/article_4011.shtml

The president of Venezuela is Hugo Chavez. U.S. Secretary of Defense Donald doesn't like Hugo. I don't think Hugo likes Donald, either. Several months ago, the CIA tried to have Hugo ousted. It didn't work. Lately Hugo said that the CIA is planning to assassinate him, and if that happens Venezuela will cut off all oil to the U.S.

Venezuela has some defense forces. They fly U.S. F-16 fighters. The have Belgian FAL rifles. Venezuela is planning to buy 100,000 AK-47's from Russia, along with 40-50 Mig-29 fighters.

When he was visiting Brazil, U.S. Defense Secretary Donald said about the purchases, "That's bad. Real bad." Brazil said, "So what? It's a free hemisphere." Donald said, "We'll see about that."

While he was on a roll, Donald also threatened to withhold military aid to Nicaragua unless they destroy all their shoulder launched surface-to-air missiles. Donald is afraid all those AK-47's and missiles are going to cross the border into the U.S. I was wondering why we're giving millions in military aid to Nicaragua in the first place, but I guess I must not understand politics.

So Venezuela is mad at us, but not so mad that they won't accept a few billion U.S. dollars for oil. The U.S. is excelling in international diplomacy, as usual.

      http://www.miami.com/mld/miamiherald/11215318.htm

      http://www.nytimes.com/2005/03/24/international/americas/24rumsfeld.html

      http://www.voanews.com/english/2005-03-24-voa51.cfm

      http://www.dawn.com/2005/03/26/int7.htm

I don't think I want to visit Venezuela. There are a lot of kidnappings there. Here's something from the State Department travel advisory:

"'Express kidnappings,' in which victims are seized in an attempt to get quick cash in exchange for their release, are a problem in Venezuela's capital, Caracas. Kidnapping of US citizens and other foreign nationals, from homes, hotels, unauthorized taxis and the airport terminal has occurred."

Elsewhere, the U.S. is selling F-16's to nuclear power Pakistan. I guess that will stabilize things in the region.

      http://news.bbc.co.uk/2/hi/south_asia/4387055.stm

At the same time, the U.S. is threatening Pakistan over human rights issues.

      http://www.usatoday.com/news/washington/2005-03-28-rights-report_x.htm

Pakistan replied, "No country is perfect." Really!

      http://www.hindustantimes.com/news/7598_1298451,000500020000.htm

Next door, the U.S. is planning to stay a while in Afghanistan, spending $83,000,000 to upgrade the airbases there.

      http://www.mercurynews.com/mld/mercurynews/news/world/11256166.htm

      http://online.wsj.com/article/0,,SB111202892148990967,00.html

Linux PC

Need a compact computer? Check out this Linux machine. It's 0.75 x 0.75 x 1.4 inches, and weighs 0.64 ounces (18 grams). It runs at 55MHz, up to 4 meg of flash memory and 8 meg of RAM.

      http://linuxdevices.com/news/NS8386088053.html


Shoes

Papua New Guinea's Prime Minister was asked to remove his shoes for a security search in Australia. He refused. I say if he doesn't have to, then I shouldn't have to.


When RFID Aren't

A couple of Junkmails ago (http://xpda.com/junkmail/junk168/junk168.htm) I mentioned that the Department of Homeland Security employees and contractors are getting cool new ID cards with embedded RFID's. That's what Homeland Security said.

Now Homeland Security has changed its tune. Yes, the cards are still coming out. Yes, they still have RFID's in them. However, some brilliant person at Homeland Security has decided that nobody in the organization will use the term RFID.

They are now "proximity chips," "contactless chips" or "contactless integrated circuits" -- anything but "RFID."

      http://www.wired.com/news/privacy/0,1848,67025,00.html

That'll keep us in the dark!


Ski Lift

A couple of guys were skiing at the Arcs, near Chambery, France. Toward the end of the day, the ski lift stopped, as it normally does. However, these two guys were stuck on the lift. All night. Oops.

      http://www.iol.co.za/index.php?set_id=1&click_id=29&art_id=qw111193308462F652

Pictures of Today!

These three were taken by my baby daughter near Breckenridge, CO a few days ago.

Sunset:

      P1000792

Tree Intersection:

      P1000825

Cornice:

      P1000836

Hilton Head Hikers:

      PICT1165      PICT1163      PICT1176

A Pond:

      PICT1183

A Log:

      PICT1185

Sneaking up on an alligator:

      PICT1189

Another alligator:

      PICT1220      PICT1221      PICT1209

Ibises:

      PICT1247      PICT1236

Bay Shore:

      PICT1283

Moonrise over the ocean:

      PICT1074



(c) 1955, all rights undeserved. Any unauthorized duplication, replication, mastication, or distribution if this fine piece of work is fine with me. Copy the heck out of it!

If you'd like to sign up for your very own Junkmail, go to

      http://xpda.com/junkmail

If you'd like to browse or search the archives, you can do that there also.

If you'd like to stop getting Junkmail, please select any or all of the following fun-filled options:

1. Turn of your computer and leave it off.
2. Use the Picotux without a display for your email.
3. Get a new email address and keep it secret.
4. Send me an email with "Kangerlussuaq" as the subject.

I'm Bob Webster from Earth. I can usually be found at bob@xpda.com
Have a nice day!