Archive for July, 2007

It is not while beauty and youth are thine own,

Posted in Today I Ate Soup on July 25th, 2007 by avi – Be the first to comment

I had an interesting media acquisition day today. I picked up:

Dave Brubeck's Greatest Hits,
The 40 Year Old Virgin (HD-DVD),
The Man Who Fell to Earth (Criterion Collection Edition),
Symbiopsychotaxiplasm (Criterion Collection also),
Sunrise,
and How Green was My Valley

The Man Who Fell to Earth also came with a book, and I also got a Rubik’s cube. In tangentially-media-related news, I also got a DVD holder at Ikea, and a 24″ widescreen monitor.

I’m done buying stuff for… well, a while anyways. Hopefully.

That brought the fog and mist.

Posted in Spam on July 24th, 2007 by avi – 5 Comments

I get a fair amount of spam. Actually, I get a really enormous amount of spam, hundreds of messages a day, but I hardly see any of it before it’s auto filtered and all that stuff. Now and then, however, a piece slips through the filters and I see it in one of my real mail folders. Usually I take a look at the message, more out of curiosity than anything else. Sometimes if it looks like an interesting scam message, I will investigate it a little more to see how they’re trying to fool people.

Most scams try to look like a legitimate email from a real service, like eBay or Amazon or a bank or whatever. They generally try to look like some kind of warning message, like authorizing a large transfer from your PayPal account, or a warning about account expiration or a fraud alert, etc. They then tell you to click a link to verify / update / cancel whatever they’re lying to you about. The page they link to looks just like the site you think you’re on, but it’s actually at some other site, and when you enter your username / password, you’re now screwed. These are very easy to detect: the links you click on usually look something like this:

(This URL is from a fake email about a security problem with Chase)

http://64.310.180.28/chaseonline.chase.com/colappmgr/colportal/prospect_nfpb=true_pageLabel=page_logon/How%20We%20Protect%20You.htm

With a very cursory examination we see that it looks to be linking to “chaseonline.chase.com”, but the actual host in this URL is just some random IP address. (In this case, a random IP address in Georgia. If I had to guess, I’d say it was a hijacked PC.)

Now, the scam I just got tricked me for almost a full second, and as such impressed me. It was a fake eBay email, claiming to be an urgent question from someone interested in buying one of my eBay items (of which I have none). I hovered over the URLs in the email, as I usually do when they slip through, and was shocked to see that they were actually links to eBay! I thought at first that it was some kind of misconfigured spam that wasn’t sending me off to the wrong place, until I looked a little more closely at the URLs:

http://cgi1.ebay.com/aw-cgi/ebayISAPI.dll?RedirectEnter&partner=25047&loc=http%3A%2F%2Fus.ebayobjects.com%2F2c%3B47586106%3B12593038%3Bl%3Fhttp://www.aol.com/redir.adp?_url=http://265.128.166.295:82/httpsiginin.ebay.com/reg.php

That’s actually a link to a function on eBay’s site to redirect people off of their site. In this case it’s redirecting to this URL:

http://us.ebayobjects.com/2c;47927106;12587238;l?http://www.aol.com/redir.adp?_url=http://265.128.166.295:82/httpsiginin.ebay.com/reg.php

Which is then redirecting to this URL:

http://www.aol.com/redir.adp?_url=http://265.128.166.295:82/httpsiginin.ebay.com/reg.php

Which is actually a URL at AOL, which finally redirects to this URL:

http://265.128.166.295:82/httpsiginin.ebay.com/reg.php

Which is your basic scammer’s site. (And in this case, is an IP address in Florida.)

Why so convoluted? Well, at first they want to do this to make the URL look like it’s a real eBay URL, in order to fool spam detectors (which it did) and, secondarily, people like me (which it also did, for a very short period of time). However, redirectors like this, at least on good websites, will only allow themselves to be used to redirect to a certain list of sites. In this case, we see that the eBay redirector will only allow redirections to ebayobjects.com. However, there’s a redirector on ebayobjects.com which allows redirections to aol.com. And then, clearly, the AOL redirector is stupid, and allows redirection anywhere. This is a fairly clever setup. You could have some fun writing some code to find these “open relays” with some clever google searches, and then finding paths between them, to make all kinds of multi-redirect URLs like this.

Please don’t visit any of the URLs in this post. I’ve modified them so that they don’t actually go anywhere any more, but it’s still a bad idea, and it’s better to be safe than sorry.
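For anyone filtering mail, the chain described above can be unwrapped from the link text alone, without fetching anything. The following is an added example, not code from the original post: it peels one nested URL per hop out of the query string and flags a chain that starts on a familiar host and ends on a bare IP address with the brand name moved into the path. The function names and the naive two-label domain comparison are assumptions made for the sketch.

```python
import re
from urllib.parse import urlsplit, unquote

NESTED_URL = re.compile(r"https?://", re.IGNORECASE)
DOTTED_QUAD = re.compile(r"^\d+(\.\d+){3}$")

# URL quoted in the post (already altered by its author so it resolves nowhere).
SAMPLE = ("http://cgi1.ebay.com/aw-cgi/ebayISAPI.dll?RedirectEnter&partner=25047"
          "&loc=http%3A%2F%2Fus.ebayobjects.com%2F2c%3B47586106%3B12593038%3Bl%3F"
          "http://www.aol.com/redir.adp?_url="
          "http://265.128.166.295:82/httpsiginin.ebay.com/reg.php")


def unwrap_redirects(url, max_hops=10):
    """Return every URL in the chain, outermost first, using string parsing only."""
    chain = [url]
    while len(chain) < max_hops:
        query = unquote(urlsplit(chain[-1]).query)  # one decoding layer per hop
        match = NESTED_URL.search(query)
        if not match:
            break
        # Simplification: the nested URL is taken to run to the end of the query.
        chain.append(query[match.start():])
    return chain


def base_domain(host):
    """Naive last-two-labels domain; a real filter would use the Public Suffix List."""
    return ".".join(host.split(".")[-2:])


def assess(url):
    chain = unwrap_redirects(url)
    hosts = [urlsplit(u).hostname or "" for u in chain]
    first, last = hosts[0], hosts[-1]
    final_path = urlsplit(chain[-1]).path.lower()
    return {
        "hosts": hosts,
        "hops": len(chain) - 1,
        "leaves_first_domain": base_domain(first) != base_domain(last),
        "final_host_is_ip": bool(DOTTED_QUAD.match(last)),
        # Brand name moved into the path, as in both examples in the post.
        "brand_in_final_path": base_domain(first) in final_path,
    }


if __name__ == "__main__":
    for key, value in assess(SAMPLE).items():
        print(f"{key}: {value}")
```

The dotted-quad check is deliberately loose so that it still matches addresses whose octets have been altered, as the ones in this post have.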

And stealing step, of slow advancing age.

Posted in Travel on July 16th, 2007 by avi – 1 Comment

So, what has been going on with me lately? Who cares? I don’t care who cares, I’m going to type it in anyways.

I moved groups at work, due to a few reasons. Some “personality clashes” with a new manager (this is code for “he is a jerk”, but we aren’t allowed to say that) along with my just being sort of tired of working on what that team works on, and being very tired of the team’s on-call schedule were just a few of these reasons. My new team is pretty cool, we’re having a few problems with focus right now but otherwise things are going well in that direction.

I took a trip out to Albany in late May for my sister’s wedding. The event itself wasn’t very exciting (massive, overblown and embarrassingly opulent, but not interesting), but the trip itself was not bad. I took a train from Seattle to Chicago, had 6 hours in Chicago, then a train from Chicago to Albany. The train to Albany was 6 hours late, and arrived after the rental company closed, so I had a kind of harrowing time getting to my hotel and then back to the rental car place the next day to get my car. Things were fine after that. After the wedding was a train back to Chicago (on time this time), 8 hours in Chicago and then the train back home.

I’ve come to enjoy rail travel. It’s expensive and slow, but the scenery is great and you have a lot of time to yourself. You’re also forced into conversation with strangers during meal times, which I found difficult at first but appreciated as the trip went on, as a regular and short interval from my forced isolation. The train food isn’t bad, especially if you’ve paid for a sleeper car and you get to eat in the dining car for free. The dining car food is pretty good, but horribly overpriced. The only alternative is the lounge car, which is basically just pre-made sandwiches, microwaveable burritos, candy and other such garbage. Also, still overpriced.

Chicago was fun, but I did get a little bit lost on my first visit. Instead of heading east to Michigan Ave and the museums and everything, I accidentally headed south, which ended me up in what I can only describe as “The Post Office District”. Downtown Chicago has at least 4 full city blocks with nothing but post office buildings and facilities. I wandered around there for a while and eventually figured out where I was, but by the time I made it back to the train station, I was no longer in the mood to walk around, so I just sat around the station and waited for my train. On my second visit to Chicago, I wisely took a cab to the Aquarium. However, upon arrival, I discovered that it was “Kids Under 4 Get In Free” day. This is a hell day. I of course didn’t entirely realize what was going on until after I’d bought my ticket, so I did wander around for a little while, but had to vacate the premises fairly quickly. I took a cab back to the area near the train station and looked for somewhere to eat. I discovered, much to my chagrin, that there is nowhere interesting to eat in that area of the city, and ended up having a semi-OK Reuben in a little bar, served by the world’s surliest waitress.

And now I am back in Seattle. It took me almost 2 weeks to write this post. I hope the next one doesn’t take as long.