Hacking and Phreaking in the UK. Old school ethics, New school tech.

Archive for the 'eCommerce' Category

419 Scams Reloaded
author: Biomech
October 16th, 2006

As the standard 419 scams become common knowledge, idiot fraudsters are looking for more ways in which to dupe the naive societies of the western world.

In their latest attempt, scammers operating from Amsterdamn and Rotterdamn have cloned well known courier websites, such as DHL and Lufthansa Cargo, in a bid to defraud the common citizen.

The new scam works like this: fraudsters advertise used motor vehicles on popular sites, such as Autotrader and car.com, for next to nothing. Would-be buyers then discover that the item is housed abroad, often in Spain or another European country. At this point the fraudsters inform the buyer that transport costs need to be paid in advance, and recommend couriers such as “DHL Shippers” and “Lufthansa Worldwide Cargo”, and polished escrow services.

Of course the items don't exist. The advance fee is taken and nothing more is heard from the seller. The transport company websites use branding lifted from the real websites they mimic in an effort to appear legit. The obvious advice to anyone looking at buying a used car or bike is that if it looks too good to be true, then it probably is. Refrain from buying items that require shipping from abroad and never pay upfront to unknown sellers.

(Please note that DHL Shippers and Lufthansa Worldwide Cargo are fictional companies used by scam scum.)


October 16th, 2006

At the beginning of the second half of 2006, British Telecom began the migration of approximately 350,000 customers in the Cardiff, Bridgend and Pontypridd areas (UK) to an extraordinary new telecommunications network, a network that will radically transform the way in which we communicate. But what exactly is 21CN?

The initial release of our 21CN article series is now available at the following location.

http://www.2600uk.com/21st-century-network/

Be sure to check back as more articles and announcements are released and additional information becomes available.


October 11th, 2006

Some nice-looking screenshots of Microsoft’s next version of Windows Mobile - codenamed ‘Crossbow’ - have popped up on the web to show the upcoming operating system’s swankier graphics.

The images come courtesy of MSMobileNews, which has a selection of shots on offer. Meanwhile, the similarly named MSMobiles has a smaller pic showing Windows Mobile 6.0/Windows Mobile 2007’s Vista-like folder icons.


Windows Mobile 6

The first report provides some Windows Mobile release information, though the data was first made public in April this year. Specifically, Crossbow is due to ship to OEMs in Q4 to allow them plenty of time to get devices ready for the OS’ introduction in late Q1/early Q2 2007. Crossbow is expected to give gadgets a better telephony experience and to improve their messaging technology.

Come Q4 2007, Microsoft will release ‘Photon’, the follow-up to Crossbow, to developers. Photon is said to sport a new Windows CE foundation. It’s due to be launched to the public in Q1/Q2 2008.

Source : The Register - Vista-inspired Windows Mobile 6 spied on web


October 6th, 2006

Yesterday, Google Labs opened up the beta version of their CodeSearch search engine, giving way to an influx of pro-hack comments.

The long-awaited CodeSearch facility enables users to look up chunks of public source code, something that’s sure to switch fear mode to ON for the likes of Krugle, Codease and co.

Of course, pulling server-side source from web pages has been a dream of most hackers at one time or another, and Google’s CodeSearch certainly lends a hand in doing so.

Consider the following search queries, which yield numerous results for unchecked GET variables and could prove useful when employing Cross Site Scripting (XSS) attack vectors.

file:process.php "include($"

result: http://tinyurl.com/rrmh2

"include($_GET"

result: http://tinyurl.com/rdpl9

Not to mention the insertion of the following regex, which outputs a mediocre 22,500 email addresses, making Google CodeSearch every spammer’s wet dream.

(Chris McClelland, of AJAXPress, states over 11 million emails from the string “@”; funny, we only found 9.5 million, and half of those were not email related.)


^[a-zA-Z]([.]?([[:alnum:]_-]+)*)?@([[:alnum:]\-_]+\.)+[a-zA-Z]{2,4}$

result: http://tinyurl.com/ftz3u

Further, Google CodeSearch could prove to be something of an engine for distributing “bad” code to unsuspecting programming/scripting newbies. “Google Code Search could also prove to be a tool for malware writers to distribute their code”, adds Steve Bryant of Google Blogs, with a bit of realism to the whole security issue.


October 5th, 2006

Recently I’ve had a sudden influx of porn-related spam. Given that I don’t usually get much spam, this was quite a surprise. Of particular interest, the influx started after applying online for a Barclaycard.

Each email is a couple of lines packed with sexual words and includes a link which, when clicked, submits a GET variable to a script at the target URL, thus validating the email address.

Example:

sexy blonde sucking and fucking
Hardcored and cummed
http://redheadteen.info/prime/siper.html?fMjXUYf.gVXjbW,hVX
Busty blonde oiled up
Amateur sex hardcore couple

The URL and .html file are variable. Obviously a little regex could filter out these emails based on the number of obscene words, but for anyone a little less tech savvy, a simpler solution is available.

The encoded variable at the end doesn’t stand out as being of any particular type (base64, rot13 etc.). However, cracking the code is extremely simple: the spammer uses a basic character substitution. Below are two tables; the first is what we know to be true, the second is the most likely completion of the conversion. Clear text is on the first row, cipher text on the second, and positions not yet verified are marked with a ?.

Verified Conversion Table

clear:  a b c d e f g h i j k l m n o p q r s t u v w x y z . @
cipher: j ? h ? f e d ? b a Z ? X W V ? ? ? R Q P ? ? ? L ? , .

Most Obvious Completion

clear:  a b c d e f g h i j k l m n o p q r s t u v w x y z . @
cipher: j i h g f e d c b a Z Y X W V U T S R Q P O N M L K , .

What becomes apparent is that the encoded GET variable is the recipient’s email address. As we know the variable content will be fixed (as opposed to random and matched against a database when processing), we can use this to create a filter.

Option one would be to create a filter on the whole string. This is fine if you only have one email address; if you have multiple email addresses on a single domain, you could specify the filter to run on the part after the @, or in the case of the cipher text, the “.”.

If you have numerous email addresses across a number of domains, the obvious option would be to set the filter on the encoded top-level domains: ,WfQ (.net), ,hVX (.com), ,VSd (.org) etc.
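The substitution and filter described above, as an added Python example (this is not code from the post): it builds the encode/decode maps from the completed table, pulls the token off the link, and applies the filter on the encoded part after the @ or on an encoded top-level domain. The message is a constructed sample; the token in it is the one quoted in the post.

```python
import re

# Substitution alphabet from the "Most Obvious Completion" table above:
# clear text a..z . @  ->  cipher text j..a Z..K , .
PLAIN = "abcdefghijklmnopqrstuvwxyz.@"
CIPHER = "jihgfedcbaZYXWVUTSRQPONMLK,."
ENCODE = dict(zip(PLAIN, CIPHER))
DECODE = dict(zip(CIPHER, PLAIN))


def decode(token):
    """Recover the clear text; characters outside the table are left as-is."""
    return "".join(DECODE.get(c, c) for c in token)


def encode(text):
    """Apply the spammer's substitution to an address, domain or TLD suffix."""
    return "".join(ENCODE.get(c, c) for c in text.lower())


# The token is whatever follows the "?" of the first link in the message body.
TOKEN_RE = re.compile(r"https?://\S+?\?(\S+)")


def extract_token(message):
    m = TOKEN_RE.search(message)
    return m.group(1) if m else None


def is_tagged_spam(message, targets):
    """True when the link's token ends in one of our encoded domains or TLDs.

    "domain.com" must follow the cipher for '@' (a '.'), so one rule covers
    every mailbox on that domain; ".com" is matched as a bare suffix.
    """
    token = extract_token(message)
    if token is None:
        return False
    for t in targets:
        enc = encode(t)
        suffix = enc if t.startswith(".") else "." + enc
        if token.endswith(suffix):
            return True
    return False


# Constructed sample message (filler lines stand in for the spam text).
SAMPLE = "filler line one\nhttp://redheadteen.info/prime/siper.html?fMjXUYf.gVXjbW,hVX\nfiller line two"
# decode(extract_token(SAMPLE)) -> "example@domain.com"
```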

You can find details on how to set email filters in a number of mail clients at HideMyEmail - Spam FAQ, as well as methods to help prevent spam.


October 4th, 2006

Sony Ericsson, in partnership with Fossil watches, have recently announced a new range of personal timepieces that, using embedded Bluetooth, display the caller ID on the watch face, as well as giving you the option to forward the call to voicemail, thus eliminating the need to forcibly scramble around in your pocket again.


Fossil FX6001 bluetooth watch

When an incoming call is received, the watch will vibrate and show you who’s calling on a small display in the center of the watch, giving you a series of options. Whilst Bluetooth is renowned for using a fair whack of power, this type of device pairing is likely what Nokia is aiming for with the release of its new Wibree short-range, low-power data transfer technology.


October 4th, 2006

A new anti-theft system has been designed that aims to significantly reduce the current rise in mobile phone theft.

Remote XT is a system whereby, upon discovering the theft of a phone, the user can ring a call center, which will then send out a signal to the stolen phone. This signal destroys all the data on the phone before emitting a high-pitched, annoying screech, rendering the device completely unusable.

“We also then set a small bomb off, if you like, that completely wipes the data…if it has genuinely been stolen then it renders the phone useless to the thief,” says Mark Whiteman, MD of Remote XT.

The noise can be stopped by simply removing the battery; however, upon re-insertion the noise continues. This may provide a temporary measure that can be employed whilst work on reverse engineering the phone takes place. Whilst it hasn’t been confirmed, the noise is probably active with any power source, whether battery or mains.

Strangely enough, I’m told that Hyper, from Hackers Voice Radio, came up with this idea a while ago, as mentioned at the end of the HVTV2 hacker video.


Movie : Wargames 2
author: Biomech
October 4th, 2006

Unfortunately it would appear that some complete idiot has decided to make a sequel to the classic hacker film Wargames.

This time around Stuart Gillard, of The Outer Limits and Charmed fame, has been named as the director of the sequel to the classic 1983 film, in which young hacker David Lightman (Matthew Broderick) embarks on a deadly game with the US national defense super-computer, thinking it’s merely a computer game and almost lending a hand to total world destruction.

Wargames 2 : The Dead Game is said to be set around very similar exploits: a teenage hacker whose world gets turned upside down after playing an online terrorist-attack simulator game against a government super-computer designed to profile potential terrorists. Consequently, all hell breaks loose when Homeland Security is convinced that he’s a terrorist intent on disrupting the fabric of society.

Pre-location photography is expected to take place mid-November, and the IMDB lists the film for a 2007 release, although details are scarce.

The film will, no doubt, be a complete failure, with a quality somewhat reminiscent of Xena or Andromeda, perhaps the Jason X of the Wargames concept. Consequently prices of the original Wargames are expected to soar, with the exception of HMV where it was last clocked at £17.99.

Perhaps one day Hollywood will stop pirating other people’s ideas, trying to convince us it’s something new and then suing us for downloading what is inevitably a bag of shit, and actually start producing content that’s *worth* buying. We can but hope.


Nokia To Ship 8GB MP3 Phone
author: Biomech
September 26th, 2006

Today saw Nokia announce its new N Series mobile phone. The N91 Music Edition, now fitted with a huge 8GB hard drive, is aiming to secure Nokia’s position in the mobile media market. The phone is said to sync with Windows Media Player and thus supports the WMA music format. Surprisingly, the new N91 also supports a variety of other formats, including MP3, AAC, AAC+ and eAAC+. Nokia has said that it will be bundling an updated version of its PC Suite data synchronisation software with Music Manager rip and transfer code.


N91

The lower-spec N70 and N73 are said to incorporate 1GB and 2GB of memory respectively; whilst Nokia haven’t announced whether this will be removable SD media or built-in memory, it’s more than the current versions offer.

The N70 and N73 go on sale this November, with the 8GB N91 shipping by the end of the year. Potential buyers will be looking at a price of £234-£369, dependent on model.

Online retailer amazon.co.uk is offering the current standard 4GB N91 from £235.


USB Rechargeable Batteries
author: Biomech
September 21st, 2006

UK energy company Moixa Energy has just released a new type of rechargeable battery that requires nothing more than a standard USB port to refill.


USB Battery

The NiMH batteries are currently available in AA size and can be purchased via the Moixa website for a mere £12.99 a pair. Details on performance are sketchy, but the new battery certainly looks to be full of potential. The battery itself appears to be a normal AA size. Re-charging is achieved by flipping the positive terminal off to reveal a USB connector and inserting it into a bog-standard USB port.

Each battery runs at the standard 1.2V (1300mAh), and a dead to 90%+ charge will take you approximately 5 hours.