The Daily WTF: Curious Perversions in Information Technology

2008-11-06 Reply Admin

Johnno:
Mike:
I once had someone send me scans of her driver's license and social security card. I had never had contact with this person before.

I can't help notice the "had never...before" - I assume you have kept up the contact since?

q634$^OPF_djrtt

Hey!!! It doen't work.....

2008-11-06 Reply Admin

Username: Daleo125 Password: 23red123applesZZ

EvanED · 2008-11-06 Reply Admin

Ty:
The better way is to actually request their information and then revoke their systems access for 1 day. When they call us, you say
"We phished your login information, which will now be change and re-issued to you in a card. We will periodically send you this request, and if you respond, we will revoke your systems access for 1-3 days, depending on when we feel like bringing it back up and when we do we'll issue you a new login and pass. This is for your own saftey and to teach you NEVER to give out your login and password, especially to us!"

I actually really like this idea.

A new login is probably way too harsh except for serial offenders, at least if you don't set up email redirection, but otherwise very nice.

2008-11-06 Reply Admin

the university i went to used a really simple system to assign user IDs to students. i was once the TA for a class in the computer science department and pointed out to the kids in my lab section how easy it would be to write a script to just generate potentially valid user IDs and send them ridiculous emails. [it was a security discussion, so the commentary was valid, if a little mean on my part.] shortly thereafter, the spam and strange emails started coming to the student body in waves....

i would almost feel bad but i was not personally effected: the system for assigning accounts to grad students was different that the undergrad one...

Code Dependent · 2008-11-06 Reply Admin

dave:
...(although thanks to those of you here who posted the real deal - like the owner of this a ccount I'm posting from....!!)

So the real deal got you logged in as "dave (unregistered)"?

2008-11-06 Reply Admin

user: 008 pass: X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*

Oh shit, I've been infected with the EICAR.Test virus... Must format my harddrive now...

2008-11-06 Reply Admin

Azeroth:
Actually, when you post your password here (mine is *******), it gets replaced by asterixes. It's a cool security feature of this site. Try it out now! :)

fR3d3r1ck

2008-11-06 Reply Admin

George:
Azeroth:
Actually, when you post your password here (mine is *******), it gets replaced by asterixes. It's a cool security feature of this site. Try it out now! :)

fR3d3r1ck

:-(

2008-11-06 Reply Admin

jpers36:
ATTENTION: DAILY WTF SUBSCRIBER:
This comment is to inform all our {DAILY WTF} users that we will be upgrading our site in a couple of days from now. So you as a Subscriber of our site you are required to post your WTF account details so as to enable us know if you are still making use of our comment box. Further informed that we will be deleting all WTF account that is not functioning so as to create more space for new user. so you are to send us your WTF account details which are as follows:

*User name: *Password:

Failure to do this will immediately render your WTF account deactivated from our database.

Your response should be post in the following comments.

captcha/nobis

operagost · 2008-11-06 Reply Admin

Azeroth:
Actually, when you post your password here (mine is *******), it gets replaced by asterixes. It's a cool security feature of this site. Try it out now! :)

I also like bash.org.

2008-11-06 Reply Admin

Unsurprised. Over the years, I've encountered a number of people who seem to relate to paragraphs of text in what I call "keyword-directed" fashion. From their reactions, I've deduced that they pick random words out of the text until they hit enough "matches" that they can make a vague guess as to what it's about. And unless they mentally flag it as important (based on their random input), they skip the actual reading step.

With one or two such people, I've had some success with using one simple sentence per paragraph.

2008-11-06 Reply Admin

Vechni:
Username: Vechni Password: papabear1

It appears that you have changed your password. We need you to repeat the process with your new password so that we can verify your current information.

2008-11-06 Reply Admin

operagost:
Azeroth:
Actually, when you post your password here (mine is *******), it gets replaced by asterixes. It's a cool security feature of this site. Try it out now! :)

What? your password is hunter2, too?

RogerC · 2008-11-06 Reply Admin

Chris:
The ability to detect scams has a lot less to do with experience than it does raw intelligence. The intelligent person sees something out of the ordinary and asks the question, "What is going on here? Is this is a phishing attack?" Not much experience is require to be able to know that something is amiss. The stupid person, even with all the phishing training in the world, can't "spot" a place where someone is outsmarting them. You can't teach someone to not be outsmarted.
That being said, someone who has used a computer for years and works as a web developer is a lot less likely to fall victim to something like this than my grandma is.

I believe this can be adequately explained by the theory of Mappers and Packers. For the packer, every new phishing attempt he encounters is one that is probably not on his list, so he doesn't recognize it.

Franz_Kafka · 2008-11-06 Reply Admin

Azeroth:
Actually, when you post your password here (mine is *******), it gets replaced by asterixes. It's a cool security feature of this site. Try it out now! :)

If I ran a site like this, one of the things I'd do was add a filter so that a long string of s turned into something vaguely password like, and -- generated valid SSNs. Except for the poster, of course.

Franz_Kafka · 2008-11-06 Reply Admin

Sigivald:
Steve H:
(Having said that, if you've ever proof-read an American college student's work, man they're hopeless. The state of education in that country is terrifying).

In my experience, Canadians are just as ill-educated at the language and other topics (or not) as Americans, as are Britons.

With a few culturally-derived exceptions (Japan, maybe Korea, Israel, at least for the Jewish population) I'm not sure the "average" student is especially competent anywhere.

That's the inevitable result of universal access to college-level education; you get people who couldn't have passed high school in 1920 going for full degrees.

You just think that because you see the smart asian kids - believe you me, there are a shit-ton of Japanese and Korean morons - someone's got to work fast food for life. You just don't see them because stupid people usually don't have that much money to travel with.

Eternal Density · 2008-11-06 Reply Admin

Florian Junker:
This is just depressing. How do these people manage to stay alive?

GLaDOS is merciful/amused.

2008-11-06 Reply Admin

Don't be upset. It only shows up to you because it's your password. All we see is "*********".

2008-11-06 Reply Admin

dangit flubbed the quote. Oh well.

2008-11-06 Reply Admin

If you do receive an email requesting your credentials, please call the help desk at 244-3500, or forward the email to [email protected]. Do not reply to the message, even if it states that you account will be disabled.

clicks forward reports the warning email to the help desk

2008-11-06 Reply Admin

User: ThisGuy Passwd: SleptWithYourMom

If I ever want to quit my job, I'm changing my password to this and calling tech support for assistance on something.

Eternal Density · 2008-11-07 Reply Admin

Coincidence time! I just received one of these emails from my workplace, though without an example.

I quickly responded:

Here is the data as requested: username: (censored, but correct in original) password: 1!!gniddiK

Now to see what happens...

2008-11-07 Reply Admin

Phishing is awesome, I've totally not phished myspace passwords from people at school and reeked havock with their accounts ;)

2008-11-07 Reply Admin

gone phishing

2008-11-07 Reply Admin

Yep:

regall.exe - this recursively searches your hard drive 
    for all DLLs and runs regsvr32.exe on each one so 
    everything will work again if a DLL registration 
    gets messed up.

backupall.exe - this backs up all exes, dlls, ocxs, and 
    tmp files in case you need to restore your 
    computer. It puts them in a folder called 
    C:\backupall.

Wow that are some neat tools! Could you send me a copy of regall.exe so I can use that on our domain controller? It's acting kind of flaky lately. Can I get just the compliled executable as I don't know how to use a compiler. Thanks.

2008-11-07 Reply Admin

I think I'm getting too old and am not 'down with the kids' these days, what with this and the t0pc0d3r post...

I can never tell with this site whether it's full of supreme cynically-sarcasmic-reverse-nested-logic or people genuinely use this as a platform to shout 'NO U R RONG AND I R CLEVAR!'

George - I tried your password but it didn't work - can you please advise of the updated password.

oh, and I believe it's customary to shout 'Get off my lawn...' Although living in the UK I don't have so much as a lawn, rather a small patch of grass which the cats use more than I do.

Scarlet Manuka · 2008-11-07 Reply Admin

One point to keep in mind is that probably a significant fraction of the students to whom the message was sent didn't have good English skills and may have found the message difficult to understand. So they responded to the bit they could decipher...

This further reinforces the need to keep any sort of warning message short and simple.

2008-11-07 Reply Admin

"When I read a formal and unnecessarily complex e-mail, my brain simply rejects it. I just skim over it.

Important messages should be short and simple."

This.

Bombe · 2008-11-07 Reply Admin

Actually, you should blade these people. And really hard, too.

hikari · 2008-11-07 Reply Admin

Why is he apologizing when he should be revoking their network access for being terminally stupid?

Bombe · 2008-11-07 Reply Admin

MrsPost:
[…] you would get any number of responses.

ORLY. That’s like saying “a maximum of 3 are guaranteed”. Wow.

hallo.amt · 2008-11-07 Reply Admin

I usually enter some random stuff into their wabpages. In Germany they ask quite often for bank account updates and that you have to give them your PINs and TANs.

If anyone likes to use mine

4853

556846 658426 214566

please ask for more [;)]

2008-11-07 Reply Admin

UserId JGordonBrown Password GurningImbecile

2008-11-07 Reply Admin

Helix:
I bet 100GBP that most of the students who replied with their apparent username and password did so as a joke....

...

postmast3r:
At the large .edu where I'm a postmaster, we found that almost none of the students or faculty who responded sent a fake password - they sent their real one.

You win £100, courtesy of Helix!

2008-11-07 Reply Admin

curtmack:
This means that the would-be spammers get inundated with Postmaster errors from their own messages. Instant karma.

No they don't. Most spammers use faked "From:" fields which usually means either someone who had nothing to do with it gets your error messages, or nobody does.

2008-11-07 Reply Admin

<out of memory>:
SomeCoder:
pskroob / 12345

Hey, that's my luggage combination!

Captcha: Causa as in Causa belli. This means war!

Watch out folks, the head space ball is online.

ender · 2008-11-07 Reply Admin

Rob F:
Unfortunately, valid spoofed e-mail addresses mean that unsuspecting people suddenly encounter thousands of postmaster errors in what has been named backscatter and the original spammer doesn't receive any kind of comeuppance. It is manifested by poorly set up mail systems that obsessively send auto-response messages without even verifying if the original e-mail address was bona-fide.

Actually, since 99% of these e-mails come from infected computers directly, the message is just discarded (worms won't bother relaying the 500 response from your SMTP server to whichever random sender they used).

Arancaytar · 2008-11-07 Reply Admin

Hahaha... it's so easy to phish people you can do it even by accident.

2008-11-07 Reply Admin

kennytm:
Yep:
From: Anon Y. Mous, ASP. To: Everyone Priority: High Subject: Comment Trolling Warning
We have noticed an increase in trolling attempts, similar to the message below. TDWTF will never request that you shout angrily in words at the previous poster. You should not feed the troll with any useful information like facts, logical arguments or your personal opinion through comments.

Here is an example of a recent trolling attempt:
    -------------------------------------------
    Subject: Re: Serious Fricken Bureaucracy

    Re: Serious Fricken Bureaucracy

    I pretty much function as technical support for my
    team, setting up things like start menu shortcuts and 
    icons. I have even written some useful programs that I 
    gave to the corporate support group. You get better 
    response from them if they know they owe you for giving 
    them free programs.

    I have heard NO complaints from them, so I am very 
    pleased with a rate of zero defects. Every time I ask 
    my friend in tech support how they are working out, he 
    gets a big smile and says they are working perfectly.

    Here are some examples of programs I have written for 
    our technical support group:

    ud.exe - this goes up a directory, so instead of typing 
        "cd.." you can simply type "ud"

    ud2.exe - this goes up TWO directories at once, so it 
        is like doing ud twice.

    ud3.exe - this goes up THREE directories at once (you 
        get the picture by now I hope).

    mkdirrandom.exe - makes a new directory with a random 
        name, using a random number generator I wrote (I 
        adapted the code someone posted on this site).

    regall.exe - this recursively searches your hard drive 
        for all DLLs and runs regsvr32.exe on each one so 
        everything will work again if a DLL registration 
        gets messed up.

    backupall.exe - this backs up all exes, dlls, ocxs, and 
        tmp files in case you need to restore your 
        computer. It puts them in a folder called 
        C:\backupall. 

    (end of trolling example)
    -------------------------------------------
Other trolling attempts include comments that appear to have been posted by site admins such as Alex Papadimoulis or Jake Vinson. Your site admins will never participate in comment discussions or provide you with material that you would want to flame them for. The only valid comments will be Featured.

When you receive these types of comments, you should ignore them and not respond. It is also a good practice to avoid clicking on any links in suspicious TDWTF comments.

If you feel you have been a victim of a trolling scheme regarding a TDWTF article, please contact a site admin so that they can take drastic action against witty and rueful trolls.

Thank you,

Anon Y. Mous, ASP. Chief Sarcasm Officer
ok, you are a retard because: <drum roll>
1) cd ..
2) cd ..\..
3) cd ..\..\..
4) mkdir wqeipjfwvoefi
5) that's not very a good idea.
6) 'system restore'

"he gets a big smile and says they are working perfectly"=="nod and smile at the retard"

Wow! kennytm, I assume this is like a double sarcasm fest?

2008-11-07 Reply Admin

opposed. If they don't get the difference between quoted example and instruction in this case, how the hell will they when it comes to their studies?

Studying implies the ability to read, understand, and differentiate. They prove by their replies that they lack those.

2008-11-07 Reply Admin

As an alumnus of the University of Alabama, it doesn't surprise me that this would occur at Auburn. It just adds more fodder for the endless Alabama / Auburn jokes.

Roll Tide!!!

P.S. Did you hear the one about the Auburn student staring intently at the frozen orange juice display in the grocery store? "Shhh!", he said. "It says 'Concentrate'!"

2008-11-07 Reply Admin

Attention WTF Forum Posters:

There's been an outbreak of trolling posts on the forum.

Please ensure you don't reply seriously to sarcastic posts, or to sarcastic replies to sarcastic posts.
Please be careful when following links from the forum, as you my be Rickrolled or worse

KenW · 2008-11-07 Reply Admin

kennytm:

ok, you are a retard because: <drum roll>

No, you win that title. Posting a moronic post in response to a quoted comment that was made here as a joke by someone else weeks ago is fail, as is not trimming the quoted material, as there was no need to include it all; a single sentence or paragraph from the post you were responding to would have sufficed.

Try again sometime, after you've been here long enough to know when you're not an idiot. I'd suspect you'll need to just lurk for quite some time, based on this post.

kennytm:
he gets a big smile and says they are working perfectly"=="nod and smile at the retard"

Smiling and nodding at you now, kennytm. Can you feel it?

KenW · 2008-11-07 Reply Admin

rd:
Two questions: how do I include the entire text of a long post in my short reply and how do I go up four directories?

Two questions: How can you be so dumb and still remember to breathe, and who held your hand and helped you find your way here? Whoever it is should be shot at sunrise. No, wait! Shoot them now; if we wait until sundown that leaves more time for him to do other damage to the 'net.

2008-11-07 Reply Admin

KenW:
rd:
Two questions: how do I include the entire text of a long post in my short reply and how do I go up four directories?

Two questions: How can you be so dumb and still remember to breathe, and who held your hand and helped you find your way here? Whoever it is should be shot at sunrise. No, wait! Shoot them now; if we wait until sundown that leaves more time for him to do other damage to the 'net.

What the fuck is your problem, friend? Didn't your mother ever teach you that if you don't have anything nice to say...

Aaron · 2008-11-07 Reply Admin

Steve H:
DaStoned:
When I read a formal and unnecessarily complex e-mail, my brain simply rejects it. I just skim over it.
Important messages should be short and simple.

Seconded.

Folks, this is something you might want to work on. I'm just saying, if my brain "simply rejected" anything more than 6 words, I wouldn't be running around trumpeting it.

I suggest starting with some easy material such as children's books, then move onto PowerPoint presentations and finally a few novels like the Hardy Boys, or even a Harry Potter book. Stick to it for a few months and I'm sure you'll have no trouble reading messages with more than two or three paragraphs.

2008-11-07 Reply Admin

I can all but guarantee that those usernames/passwords were sent in by any or all of the following: A) Sorrority girls B) Adult students C) International students who might not understand that an example is not part of the message

KenW · 2008-11-07 Reply Admin

Dirk Diggler:
You might want to check that backupall.exe program because if you lose the C drive you won't be able to restore them.

You might want to check and realize that you're responding to a trollish joke post made here weeks ago that was used here for humor.

Also, you might want to learn enough about the proper behavior on the internet forums to know that you don't quote 100+ lines of text to add a single line comment, unless you're a total moron.

Thanks for playing the "Am I Smarter Than An Internet Troll?", hosted by Alex P. and Jake V. Now, face the camera and tell the world, "No, I am NOT smarter than an internet troll."

KenW · 2008-11-07 Reply Admin

Yanman:
You see, that's why the American schooling system fails. It promotes stupidity.
Belgium gives money to each student, who decides which school he/she wants to go to. If you're a bad school, you won't attract many students, and you'll go bankrupt. There is a limit on the amount of funding a student gets ( doing the same year 5 times is worthy of gene pool removal IMO), so schools are extra motivated to get good results.

You see, that's why the Belgium schooling system fails. It doesn't teach it's students not to make moronically stupid statements in public forums about things they know absolutely nothing about.

If you did, you'd be aware that every US college student has his/her choice of many schools to attend, and Federal and State loans and grants to help pay for them. Those grants, BTW, are the same as the Belgium gift of monies to attend school you mention.

Please refrain from showing the low quality education you received in public in the future; you're embarrassing other Belgian people who actually paid attention in class.

Technical Thug · 2008-11-07 Reply Admin

ender:
Rob F:
Unfortunately, valid spoofed e-mail addresses mean that unsuspecting people suddenly encounter thousands of postmaster errors in what has been named backscatter and the original spammer doesn't receive any kind of comeuppance. It is manifested by poorly set up mail systems that obsessively send auto-response messages without even verifying if the original e-mail address was bona-fide.
Actually, since 99% of these e-mails come from infected computers directly, the message is just discarded (worms won't bother relaying the 500 response from your SMTP server to whichever random sender they used).

You're making way too many assumptions. And I know they are wrong, because I've seen people's mailboxes get crushed under a pile of NDR and bounce messages for stuff they never sent.

If your mail server bounces mails back to senders, you lose at Internet.

Go Phish

Leave a comment on “Go Phish”