Temporary Shellshock Restrictions

I have turned off comments on this blog for the present till the new Shellshock vulnerability is completely assessed and thoroughly patched. WordPress is based on PHP, and uses shell calls. I don’t know that WordPress comments are vulnerable to exploitation of this bug, but until I’m sure, we won’t take that chance. Thank you for your patience!

How to hijack social media accounts without any hacking required

Facebook, LinkedIn, Twitter and any number of smaller social networks we don’t even know all seem to suffer from the same problem: ignoring the fact that domains cease to exist.

Only just today, I’ve spotted mail from LinkedIn to many accounts in over a dozen spamtrap domains. Twitter likewise, and Facebook, even more. I imagine that having control of these email addresses, I could “reset password” in all of those accounts if I wanted to, and therefore gain control over most of them (if they aren’t using two-factor authentication, such as that LinkedIn offers). How is this in the interest of the social networks or the account owners?

Does CAN-SPAM Have Teeth?

“It does have teeth; it keeps them in a glass by the bed.”
— Mickey Chandler, Spamtacular

‘Nuff said. 😉

New Finnish spam list vendor: yritysguru.fi

The self-titled “Business Guru” (www in Finnish, www in English at alternate domain) is selling the standard fare, B2B spam lists. The yritysguru.fi domain is registered to Mikael Suominen as a private person. The finnishcompanyregistry.com domain is WhoisGuard Protected. The actual hosting of both is cloaked by CloudFlare.

Washington Post: Ignoring Unsubscribes

The Washington Post, one of the major newspapers in the U.S., just started emailing advertisements to the email addresses of people who have accounts there to comment. I was foolish, and provided my usual blog commenting email address instead of a tagged address that I could turn off if needed. :/ I unsubscribed, and also sent email to their ESP E-Dialog (now eBay). The unwanted advertising emails have continued. I want to warn users that either the Washington Post is ignoring unsubscribes or E-Dialog’s unsubscribe system is unconscionably slow despite having (twice now) confirmed that my email address was removed.


ACC Consulting Oy gets conditional fines


The Data Protection Ombudsman has decided that ACC Consulting Oy cannot be brought into line with advice and guidance alone, and has passed the matter on to the Data Protection Board with a requirement to impose a conditional fine to ensure compliance.

Reply from Data Protection Ombudsman

An open letter to Filip Poutintsev / Lateralus Enterprise / Tavoite Media

This was sent in private email on Feb 12 in response to a spam. No response has been received so far.


ASML (Finnish DMA): Spamtraps are illegal

A little bird told me that the Asiakkuusmarkkinointiliitto (“Customership Marketing Association”, for lack of an official translation) (www, biz reg, register of associations) has posted an anonymous opinion piece that basically says they think spamtrapping is illegal.


Suomalainen Kirjakauppa: Hell bent on using bad data

Suomalainen Kirjakauppa (www, biz reg), one of Finland’s largest bookstores (and oldest registered businesses) has been terminated previously by a Finnish ESP, and by a Swedish ESP operating in Finland, both for the use of bad data that hit spamtraps and landed their IPs onto blocklists. It is very likely that they aren’t deliberately spamming B2C (though it must be said that B2B spam that is guaranteed to be spam has been seen from them too), but by steadfastly refusing to clean bad/old/bad and old data from their legitimately acquired B2C lists, they have degenerated into spammers.

