Wandering Thoughts archives

2012-09-29

SpamAddressOddity

A recent spam oddity that I've been mulling over

One of my habits is that I don't directly subscribe to mailing lists; instead, I subscribe aliases to them and forward the aliases to me. These aliases are generally purely collection points that are almost never used as the From: address or explicitly copied on messages. As a result of all of this, these aliases should never get spam and almost always don't. All of this is background.

A couple of weeks after our phish compromise incident, one of those aliases received a distinct burst of spam, hitting it on Thursday, Friday, and then the next Tuesday and Wednesday. All of the spam messages were various sorts of phish attempts but not for banking credentials; they targeted business services (efax.com, adp.com, American Express, and the Better Business Bureau). Most of the phish attempts were your standard fake website things, but one of them was trying to get you to run a zipped Windows executable (some online analysis sites say that as expected, this is an already-seen trojan). Based on evidence in the message headers all of these phish attempts had multiple recipients here, not just my little alias.

So in short, a couple of weeks after a phish compromise we were spammed with a significant phish spam run that hit even a normally invisible address. This makes me wonder two questions.

First, did our initial phish compromise somehow read out a significant portion of our local addresses and then pass them on to other spammers? On the one hand, this would explain why this spam hit my alias. On the other hand, it's hard to see how it would have happened. I don't think that our webmail systems support this, it's far from obvious how to do this on our machines, and there wasn't any evidence that the spammer accessed our systems apart from webmail.

(I was going to say that this alias had never appeared anywhere and had never been spammed before, but both turn out to be wrong. It's appeared in a place or two and it did receive an advance fee fraud spam back at the start of July.)

Second, did the initially successful phish spam cause the followup? I can certainly construct a story where spammers find it useful to target further phish spam at places where some phish spam has already worked; after all, suckers are suckers. On the other hand it certainly could be a coincidence. The compromise phish spam was specifically targeted against us (with specific organization names and so on), but the followup phish spam is very definitely not; it's targeting generic business services, not services that a university department would plausibly use or care about. At a minimum it suggests that the spammers behind the targeted phish spam were a different group than the people behind the followup.

spam/SpamAddressOddity written at 23:52:23; Add Comment

ColourSettingInterface

What I would like in colour-specification interfaces

There are a lot of programs and systems and so on that let you specify what I'll call 'absolute colours'; this RGB value for the foreground, this RGB value for the background, and so on and so forth. My personal opinion is that this approach to specifying colours is too low-level for most uses.

We know a fairly large amount about how people perceive colours in relation to each other; some of it comes from scientific research and a great deal of it comes from the surprisingly pragmatic world of art. In practice, you almost always want to specify colours that follow the principles derived from this knowledge. Or to put it directly, you almost always want colours that work well together in whatever relation they're supposed to have.

This is why I say RGB-based colour specification is too low level. In practice you do not pick RGB values out of a hat with no reference to each other (at least not if you want the result to look decent); you go through some process of harmonizing the colours and deriving some colours from others, working out all of the RGB values in the process. What I really want for specifying colours is something that automates this; it would let me start with a base colour or perhaps a small set of colours and then derive other colours from them through perceptual operations like 'make a desaturated, less obvious but still readable version of the foreground colour'.

(I know, desaturation is a basic and sort of simple operation. I'd like much more ambitious features, such as automatically deriving complementary colours and avoiding colour pairings that cause problems for people with various sorts of colour blindness.)

This grump is brought to you today by xterm, where the common set of colours are specified as absolute values and are definitely not designed for black text on white backgrounds, red text on white backgrounds, or in fact any of the foreground and background colour combinations I use.

(2 comments.)
programming/ColourSettingInterface written at 03:01:37; Add Comment

(Previous day | Next day)
By day for September 2012: 2 3 5 6 7 8 9 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30; before September; after September.

These are my WanderingThoughts
(About the blog)

Full index of entries
Recent comments

This is part of CSpace, and is written by ChrisSiebenmann.
Mastodon: @cks
Twitter @thatcks

* * *

Categories: links, linux, programming, python, snark, solaris, spam, sysadmin, tech, unix, web
Also: (Sub)topics

This is a DWiki.
GettingAround
(Help)

Search:
Page tools: See As Normal.
Search:
Login: Password:
Atom Syndication: Recent Pages, Recent Comments.
This dinky wiki is brought to you by the Insane Hackers Guild, Python sub-branch.