Schinckel.net

I was testing my site in Opera, and because I have some code in the template that shows the referrer as obtained by the browser down the bottom, I can see where I came from when I visit my site. Imagine my surprise when I came across the following: I haven’t been able to find out anything about this in the Preferences, but it seems so bizarre! Needless to say, I hadn’t been there (this was in fact from a page that was loaded by typing in the address!). A refresh on the page removes this from the referrer, so this value must be generated by Opera when a referrer doesn’t exist. I wonder if it’s a sideline business for them. Not happy, if it is. For the search engines: the address is http://quegu.topcities.com/online-poker-rooms.html I’m not linking it, deliberately.

…but not as much as Internet Explorer. I’ve tried to make my blog, and by definition the template itself, work with every OS/Browser combo I can. And I’ve noticed one big similarity between Opera and Internet Explorer. Stuff that doesn’t work in one tends not to work in the other. That is, Opera is almost as crappy as IE. For example, I wrote a script that creates a list of links in the current post, and it failed in both of these browsers. The worst thing about this is that it’s damn near impossible to test (easily, at least) without making a change, reloading, repeating. With Firefox, you can easily get a JavaScript Bookmarklet that opens a JavaScript Shell, allowing you to experiment with commands, a-la python. Which can then be used to create the final script. At least Opera allows you to see what’s going wrong with JavaScript. IE’s pathetic attempt at error reporting (popping up a dialog box on each error is a real quick way to get yourself turned of, error reporter) is unproductive. Opera can display errors, which quickly enabled me to figure out what was wrong with my script. I think.

I use eBay semi-regularly, but I don’t tend to sell stuff on it, and there’s no way they’d have my credit card number on file, or any sort of regular payment. So the email pictured below was clearly (to me) a Phishing attempt. What makes this one different to most that I have seen is that there aren’t any spelling or grammatical errors, or at least none I picked up on a casual read. And I tend to notice these type of errors. With no intention of putting in my real details, I copied and pasted (Gmail had kindly noticed that it was a Phishing attempt, and had Spam-binned it already) the URL, which clearly wasn’t an ebay address. The site that came up was rather ‘correct’ looking. Even though there is a tipoff here: right at the bottom it says:

Be sure the website address you see above starts with https://signin.ebay.com/

and it clearly doesn’t. It does have that in there, and that might be enough to fool a less experienced user. Knowing full well that this was a phishing attempt, I put in a nonsense username and password combination: adolf.hitler and nazism. Unsurprisingly, it appeared as though I had logged in, and loaded up the next page, which is very scary. Okay, so you want my Credit Card number, and the three digit authorisation code, but also my PIN? Fuck-a-duck. Anyone who puts that in there is just a wanker. Seriously, if the banks say don’t give your PIN to anyone, why would you need to give it to eBay? • I have come up with what perhaps should be the first step in testing to see if a site is a Phishing attempt or not: make up a garbage username/password combination, and see if that works. If it does, it certainly is a fake. I always try to visit Phishing sites, and create several fake usernames and passwords, in order to at least dilute the effectiveness of the attempt. If the owners have to risk noticable behaviour by typing in wrong password/username combinations, it might make the Phish less worthwhile. I’d like even more to automate scripts that hit a Phish server thousands of times, with faked usernames and passwords. One day.