Trojans and Popups and Slimeball Business 287
Selanit writes "Salon.com is reporting
on a company which exploited a vulnerability in an old but common version of Internet Explorer's Java engine to install spyware on the visitor's machine. " It's a pretty in depth story showing the lack of respect that
some companies have. My favorite part is that the guy who denies any knowledge
of the trojan popup is named 'Frank Bigott'.
Actually (Score:4, Informative)
I'm aware, that this doesn't necessarily sit well with a lot of people here, but wtf...
Re:That would explain why he didn't get it (Score:3, Informative)
Yup, like I said, I have a log full of lame server entries for wwws1.com -> translation, the program was sending her to wwws1.com and my DNS server when doing the resolving was reporting the fact that the DNS for wwws1.com is not setup correctly.
Who said anything about www.s1.com?Re:Actually (Score:4, Informative)
Ad-aware (Score:5, Informative)
You should sue (Score:3, Informative)
Investigate your state laws here: http://law.spamcon.org/us-laws/index.shtml [spamcon.org]
Some of the states allow quite significant damages, for example, California law allows "damages of $50 per message, up to $25,000 per day, or its actual damages, whichever is greater."
If you are in a state with anti-spam laws you could really lay a hurtin' on them, and might even collect some dough in the process. (Although, given that we know they are unscrupulous, collecting will not be easy.)
Here are some other resources:
http://smallclaim.info/ [smallclaim.info]
http://www.spamcon.org/ [spamcon.org]
http://www.aboutspam.com/ [aboutspam.com]
http://http://www.cauce.org/about/resources.shtml [cauce.org]
Re:Microsoft, security and Java... (Score:5, Informative)
Yeah, I posted it elsewhere, but it bears repeating that the "Microsoft® virtual machine (Microsoft VM)" [microsoft.com] is not a Java Virtual Machine (JVM, the old name), and Microsoft are no longer allowed to call it that after being bitchslapped around a few courts by Sun. Let's keep the Microsoft VM and the Sun JRE clear and distinct in our minds.
Re:Microsoft, security and Java... (Score:2, Informative)
If you look at that MS was doing to the Java APIs (not the language or VM), you will see that they tried to get people to write code to their APIs that tied people to their MS x86 Java Platform which was against the agreement they had with Sun.
Netscape just had a bad implementation of Java.
ActiveX Backdoor (Score:3, Informative)
The Microsoft virtual machine (Microsoft VM) contains functionality that allows ActiveX controls to be created and manipulated by Java applications or applets. This functionality is intended to only be available to stand-alone Java applications or digitally signed applets. However, this vulnerability allows ActiveX controls to be created and used from a web page, or from within a HTML based e-mail message, without requiring a signed applet.
A better solution.... (Score:2, Informative)
is sending the cards in your organization. I
am a member of four or five ladies' groups and
I typically send between one and five or six
ecards per week.
I won't touch Flowgo with a ten foot pole. I have fallen into their spam trap twice. Women love ecards.
What they need is some alternatives to Flowgo or a bit of education in disarming Flowgo/Funstun/Send4Fun etc.... This is a serious issue because ecards are sent for support (the most popular one I send is "thinking of you") and sometimes sympathy or illness.
Put simply, you don't want to spam someone with illness or a death in the family or someone who is recovering from ilness either.
What you need to do is talk to the major ecard senders in your organization. This may be the party committee, the boss' secretary, the ladies upstairs in marketing what have you.
Suggest any of the following
http://shopping.corbis.com (write your own message and choose from thousands of images. The database is a great toy.) No ads in the card for outside businesses.
http://www.artsmia.org (Minneapolis Museum of art has lovely illustrations.) No ads period!
http://www.arborfoods.com (cards are a few links inside the site and come with recipes.)No ads!
The MOMA also has great ecards with a very classy pick up letter. No ads!
If you can tolerate a little advertisement and have someone among the card crew who is techincally comfortable (can code some html), have her set up a postcard mill on the company web site. http://www.allyours.net works really well for this and you can upload your own pressies. My personal postcard mill is at http://nakedmolerat.org.uk/plaunch.html and the pressie galleries start with http://nakedmolerat.org.uk/raok2.html
Alternatively, Funstun/Flowgo etc... cards are very easy to disarm. I know you think why bother. I think that too since I prefer the alternatives I mentioned above but people love those animated cards. Instead of just hitting the send the card on button, the sender sends the card to HERSELF. She then cuts the nonspam link out of the pick up letter sent by Flowgo and inserts it into a fresh email letter. Goodbye spammy opt in by deception, and hello animated greeting card. True they're still full of pop ups but at least the spam trap is gone.
The trick is to realize that cards are important. Women account for the vast majority of greeting card purchases and when we are online we bring this part of our culture with us, and we even take it to the office.
By the way, the education strategies will also work with friends and relatives. I'm sorry if I sound sexist, but I think this is a female problem.
Eileen H. Kramer/Roanna/ZOIDRubashov
Head of the RAOK Guestbook Committee.
http://nakedmolerat.org.uk/raokg
Re:Yeah, well Mozilla sucks because... (Score:2, Informative)
First, go to Sun's Java page [sun.com], and download their SDK for Java. Then run their installer and install that on your system. The next step is to go to the bin directory in the location where you just installed Java, and copy all the
Re:Actually (Score:3, Informative)