Hacking and Phreaking in the UK. Old school ethics, New school tech.

Archive for October, 2006

October 5th, 2006

Recently I’ve had a sudden influx of porn-related spam. Given that I don’t usually get much spam, this was quite a surprise. Of particular interest, the influx started after applying, online, for a Barclaycard.

Each email is a couple of lines packed with sex-related words, and includes a link which, when clicked, submits a GET variable to a script at the target URL, thereby validating the email address.

Example:

sexy blonde sucking and fucking
Hardcored and cummed
http://redheadteen.info/prime/siper.html?fMjXUYf.gVXjbW,hVX
Busty blonde oiled up
Amateur sex hardcore couple

The URL and .html file are variable. Obviously a little regex could filter out these emails due to the number of obscene words. But for anyone a little less tech savvy, a simpler solution is available.

The encoded variable at the end doesn’t stand out as being of any particular type (base64, rot13 etc). However, cracking the code is extremely simple. The spammer uses a basic character substitution algorithm. Below are two tables: the first is what we know to be true, the second is the most likely completion of the conversion. In each table the first row is clear text and the second row is cipher text.

Verified Conversion Table

Clear:  a b c d e f g h i j k l m n o p q r s t u v w x y z . @
Cipher: j _ h _ f e d _ b a Z _ X W V _ _ _ R Q P _ _ _ L _ , .
(_ marks a letter not yet verified)

Most Obvious Completion

Clear:  a b c d e f g h i j k l m n o p q r s t u v w x y z . @
Cipher: j i h g f e d c b a Z Y X W V U T S R Q P O N M L K , .

What becomes apparent is that the encoded GET variable is the recipient’s email address. As we know the variable content will be fixed (as opposed to random and matched in a database when processing), we can use this to create a filter.

Option one would be to create a filter on the whole string. This is fine if you only have one email address. If you have multiple email addresses using only one domain, you could specify the filter to match everything after the @, or in the case of the cipher text, the “.”

If you have numerous email addresses across a number of domains, the obvious option would be to filter on the encoded top level domains: ,WfQ (.net), ,hVX (.com), ,VSd (.org) etc.

You can find details on how to set email filters on a number of mail clients at HideMyEmail - Spam FAQ, as well as methods to help prevent spam.
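The substitution and the three filter options above can be expressed in a few lines of Python. This is an added example, not code from the original post; the function names are hypothetical, the alphabet is the post's "Most Obvious Completion" table, and letting characters outside that table pass through unchanged is an assumption.

```python
import re
import string

# Clear -> cipher alphabet from the post's "Most Obvious Completion" table.
CLEAR = string.ascii_lowercase + ".@"
CIPHER = "jihgfedcbaZYXWVUTSRQPONMLK,."
ENCODE = str.maketrans(CLEAR, CIPHER)
DECODE = str.maketrans(CIPHER, CLEAR)

# Captures the query string of any http(s) link in a message body.
LINK_QUERY = re.compile(r"https?://[^\s?]+\?(\S+)")


def decode_token(token):
    """Recover the clear text hidden in a link's GET variable."""
    return token.translate(DECODE)


def encode(text):
    """Encode an address or suffix with the spammer's substitution.

    Assumption: characters the post's table does not cover (digits,
    '-', '_') are passed through unchanged.
    """
    return text.lower().translate(ENCODE)


def is_tagged_spam(body, suffixes):
    """True if a link's GET variable ends with any encoded suffix.

    A suffix may be a whole address (option one), '@domain' (option
    two) or a top level domain such as '.com' (option three).
    """
    needles = [encode(s) for s in suffixes]
    tokens = LINK_QUERY.findall(body)
    return any(tok.endswith(n) for tok in tokens for n in needles)


# Constructed sample message built around the link quoted in the post.
SAMPLE = (
    "constructed filler line\n"
    "http://redheadteen.info/prime/siper.html?fMjXUYf.gVXjbW,hVX\n"
    "constructed filler line\n"
)

if __name__ == "__main__":
    print(decode_token("fMjXUYf.gVXjbW,hVX"))
    print(is_tagged_spam(SAMPLE, ["@domain.com"]))
```

Matching on a top level domain alone is the broadest of the three options, so it will also catch any unrelated link whose query string happens to end in the same four characters.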


October 4th, 2006

Sony Ericsson, in partnership with Fossil watches, has recently announced a new range of personal timepieces that use embedded Bluetooth to display the caller ID on the watch face, as well as giving you an option to forward the call to voicemail, thus eliminating the need to forcibly scramble around in your pocket again.


Fossil FX6001 Bluetooth watch

When an incoming call is received, the watch will vibrate and show you who’s calling on a small display in the center of the watch, giving you a series of options. Whilst Bluetooth is renowned for using a fair whack of power, this type of device pairing is likely what Nokia is aiming for with the release of its new Wibree short range, low power data transfer technology.


October 4th, 2006

A new anti-theft system has been designed that aims to significantly reduce the current rise in mobile phone theft.

Remote XT is a system whereby, upon discovering the theft of a phone, the user can ring a call center who will then send out a signal to the robbed phone. This signal destroys all the data on the phone, before emitting a high pitched, annoying screech, rendering the device completely unusable.

“We also then set a small bomb off, if you like, that completely wipes the data…if it has genuinely been stolen then it renders the phone useless to the thief,”
says Mark Whiteman, MD of Remote XT.

The noise can be stopped by simply removing the battery; however, upon re-insertion the noise continues. This may provide a temporary measure that can be employed whilst work on reverse engineering the phone takes place. Whilst it hasn’t been confirmed, the noise is probably active with any power source, whether battery or mains.

Strangely enough, I’m told that Hyper, from Hackers Voice Radio, came up with this idea a while ago, as mentioned at the end of the HVTV2 hacker video.


Brumcon Set For October 7th
author: Biomech
October 4th, 2006

Just a quick reminder that this year’s Brumcon hacker convention is set to go ahead on Saturday October 7th.

Details are as follows:

Thistle Birmingham Edgbaston
225 Hagley Road, Edgbaston
Birmingham. B16 9RY

Doors open 11.30am Talks start at 12.00

Talks so far in no particular order:-

What’s On The Cards:

  • Security Issues Surrounding Card-based Authentication.
  • Mobile Java programming: For fun, profit and voyeurism.
  • IPv “what?”: yeah what !!!.
  • “All Your Email Belong To Us”: The meat and guts.
  • Your Games 0wn U: Please Update Me.
  • UPnP NAT Manipulation: Yeah that’s (U)n(P)rotected (N)etwork (P)hun.
  • All day event. Hack the Flag !!! - Yes OK, we keep getting asked!! Last flag flying gets a gift

More Information : www.brum2600.net


Movie : Wargames 2
author: Biomech
October 4th, 2006

Unfortunately it would appear that some complete idiot has decided to make a sequel to the classic hacker film Wargames.

This time around Stuart Gillard, of The Outer Limits and Charmed fame, has been named as the director of the sequel to the classic 1983 film whereby young hacker David Lightman (Matthew Broderick) embarks on a deadly game with the US national defense super-computer, thinking it’s merely a computer game and almost lending a hand to total world destruction.

Wargames 2 : The Dead Game, is said to be set around very similar exploits: a teenage hacker whose world gets turned upside down after playing an online terrorist-attack simulator game against a government super-computer designed to profile potential terrorists. Consequently, all hell breaks loose when Homeland Security is convinced that he’s a terrorist intent on disrupting the fabric of society.

Pre-location photography is expected to take place mid-November, and the IMDB lists the film for a 2007 release, although details are scarce.

The film will, undoubtedly, be a complete failure, with a quality somewhat reminiscent of Xena or Andromeda, perhaps the Jason X of the Wargames concept. Consequently prices of the original Wargames are expected to soar, with the exception of HMV where it was last clocked at £17.99.

Perhaps one day Hollywood will stop pirating other people’s ideas, trying to convince us it’s something new and then suing us for downloading what is inevitably a bag of shit, and actually start producing content that’s *worth* buying. We can but hope.


October 4th, 2006

The US government has taken a step back from control of the internet with a new contract between it and overseeing organisation ICANN that came into effect yesterday.

The three-year contract, with an apparently significant halfway review point, has been heralded by both ICANN and the Department of Commerce as a sign that the US government has listened to worldwide criticism of its continued oversight role and has responded by providing ICANN with a new degree of autonomy.

However, experts disagree, with one calling it “old wine in a new bottle”, and another barely concealing his frustration with an administration that promised eight years ago it would end its role but now has decided “we will have to wait another three years, at a minimum”.

Read More : The Register - US Government Steps Back From Internet Control


The following content is taken from oranchak.com

When I was a dumb teenager, I spent a lot of time dabbling in the phreaker culture of the late 80s / early 90s. During that time, I made audio recordings of compromised voice mail box systems that were commandeered by phone hackers. The hackers would replace the original box greetings with more interesting content such as calling card / credit card numbers, underground BBS numbers, hacking tips, and other goodies.

These recordings languished on crappy, hissy old analog tapes until a few years ago when I decided to digitize them for posterity onto my home computer. There they languished still, until the other day when I decided to contact Jason Scott (of textfiles.com and bbsdocumentary.com fame) for his advice on how to get the files out for posterity. He very generously offered his support of hosting and cataloging the audio files here: Link.

I’ve released the files in the interest of preserving a little bit of hacker culture history. I was motivated to do this because I have not yet had any luck finding any similar audio files out there.

He has begun adding interesting descriptions for the files in this directory: Link.