“A nearly impenetrable thicket of geekitude…”

Spam

Spam, spam, spam, spam, spam. The scourge of modern life. Or at least one of them.

Neci Feihsi

Posted on February 18, 2005 at 15:23

I got an interesting phish in today’s e-mail. Here’s how it looked in Thunderbird:

Dera Baalcrys Membre,

Tsih eamil was setn by the Braclays svreer
to verify yoru eiaml addrsse.

…and so on. My initial fears that the bad guys have finally lost it and just given up were allayed when I looked at the actual source of the message:

Content-Type: text/html; charset=iso-8859-1
Content-Transfer-Encoding: 7bit
…
De‮ra‬ Ba‮alcr‬ys
Memb‮re‬,

What is going on here? The message body is an attempt at Unicode. Code point 8238 is “right-to-left override”; code point 8236 is “pop directional formatting”. The sections contained within the “‮‬” groups are therefore supposed to be printed backwards.

How delightfully creative. Except that the message is marked as being encoded in ISO-8859-1, which doesn’t contain those code points. All the cleverness (probably aimed at some mail program that accepts the invalid code points) was ignored, leaving gibberish. The good news is that even if they fix that, the presence of “‮” in e-mail is going to be a pretty good indicator of something phishy going on.

Tags:

Comments Return

Posted on October 1, 2004 at 11:25

Courtesy of a custom Perl installation and Jay Allen’s latest MT-Blacklist software, anonymous comments are enabled again.

Tags:

Read more

Arms Race

Posted on May 20, 2004 at 19:47

While listening to an interview with Bruce Schneier recently, I was struck by his depiction of the problem of the red and blue doors. Simply put, he observes that much security thinking is (given the way politics works) inevitably built around watching which door the bad guys go through, then putting guards on it. Money spent, “something has been done”, problem solved.

Tags:

Read more

Blog Comment Spam

Posted on October 3, 2003 at 16:01

New medium, same old sleaze it seems. Today, someone wishing to advertise Those Blue Pills placed a comment on each of the fifteen posts I’d made here so far. Just to make sure the message got through, some posts got up to three copies of the advertisement.

This was annoying, but I should have been expecting it.

Tags:

Read more

New UK Anti-Spam Regulations

Posted on September 24, 2003 at 00:23

There is a continual flurry of secondary legislation being laid before the UK parliament every day it is in session. Most of it, like the The Tonnage Tax (Training Requirement) (Amendment) Regulations 2003 (Statutory Instrument 2003 No. 2320), is of interest to very few of us. An exception to this general rule might be The Privacy and Electronic Communications (EC Directive) Regulations 2003, laid before parliament on the 18th of September and coming into force on December 11th.

Tags:

Read more

Spam: "Why Can't You Just..."

Posted on September 22, 2003 at 23:18

Along with computer viruses, spam (however defined) is becoming a significant barrier to actually getting things done with these computer things. Almost everyone would love it if there was an easy solution to the problems spam causes: either a technical solution or a non-technical (legal or social) one would do.

Tags:

Read more