Tuesday, January 31, 2006
Monday, January 30, 2006
Are You Sure You're Anonymous?
We have a visitor, we shall call him Mr. Anon, for that is what he wants to be.
The problem with Mr. Anon is that he uses the free version of anonymouse.
Every time Mr. Anon comes to visit us his referrer on Statcounter shows us his IP and that he came to our page via Anonymouse. This is how we know he wants to be anonymous. Poor guy.
There are some pretty good proxies out there and there are some that are transparent. Transparent, as in, I see you anyway... and worse still, some show you are using them, so not only is it 'I see you anyway', it's 'I see you... and know you are trying to hide from me'. Talk about getting caught with your hands in your pants.
Embarrassing. We usually just look away.
Here's a word of advice on Proxies.
You need to test them on your own site before venturing out on the Internet thinking you are anonymous or you may find that you have a sad case of 'The Emperor's New Clothes'.
It is wise to have more than one tracker.
Here are the ones we recommend.
Good for seeing which pages people are looking at.
That's how we track our most popular pages for the sidebar.
Less detail, but it picks up a lot of the hits that Statcounter misses.
There is also a Free Beta Tracker available to BlogExplosion members.
The important thing about having the trackers on your site is not so much because you are in love with your statistics, although we highly recommend making love to your counter as often as possible, it reminds *us* that we are loved, who could ever ask for more? But you need a place to check your proxy to make sure it is not transparent. Since most sites use at least one of these three counters it is wise to check your anonymity on all three. Then you can do as we do and porn surf to your heart's content.
For surfing without changing your Internet configuration to use a proxy we recommend these:
We have tested them and found that for free surfing there is a limit on bandwidth, so you can only see a couple of pages then you are kicked off, but for popping in on your site to check for comments from work they do come in handy.
Happy Surfing Everyone!
Sunday, January 29, 2006
Did Anyone Notice...
Wonder what happened? Wonder if their site will be taken over my spammers too?
Brain Catches Thief, film at eleven!
As you know by now the Secret Brain was attacked yesterday by a criminal element that stole a friends identity and claimed that friend was in fact Artfuldodger. A claim both criminal in intent and unthruthful in reality.
Today I have good news to share with you all, the criminal bastards have been identified and routed! This time the bear got them. Now, I want to be perfectly clear, I do not at this time have 100% proof, so I will NOT be naming any names in this email or post. Unless I am 100% sure I will not stoop to their level and falsely accuse anyone. Let me say however, that I am indeed 99% certain.
Until now I have kept certain information private regarding the perpetrators in question. Much like any crime scene investigation, you keep certain things private that only you and the criminal know about. This way they can tip their hand and reveal themselves. Exactly what that information is, is not important. What is important is that the person(s) is suspected have closed up shop and brought their blog down today. They have disappeared in a cloud of guilt. The reason?
I sent them an email yesterday that only a guilty person would understand, an innocent person would just wonder what the heck I was talking about. This was also done in a variety of other ways as well. Apparently, as they should have, they took me seriously. Let me also be clear, until such time as they admit to their guilt here at SIC or on the blog of their choice I will NOT stop tracking them down. They are guilty and as far as I'm concerned must be made to understand the seriousness of their crime. My offer of a pardon still stands, come clean and all will be forgiven.
In a few more days The Secret Brain will return. I have discussed this in depth with Lady L, my friend that was briefly exposed, and with many of you. I believe that allowing these criminals the joy of success is to validate their methods and encourage others to try the same tactics again in the future. This cannot be allowed to stand.
In the last two days, and truly in the last two months, I have come to know and trust many of you. I appreciate all of your help, support and words of encouragement. Thank you. I strongly believe that this forum is a powerful one that can be used for good and that by standing together we can help each other to ensure its success.
A blow has been struck today for what is right and fair. We have won a battle against evil. The war is still ongoing.
Keep the courage,
Free speech never dies !!
I am amazed that people have such low self esteems, and are such absolute perverts to simply go out of their way to make people’s lives miserable. I am convinced that these are the people that think it is okay to rape the girl next door and go to church the next day, people with absolutely no moral values and the brains of a baby ...
What they don’t realize is that freedom of speech, freedom for each one to live our own lives, in full respect and care for others, will always, always prevail.
Please all, great the Biker and Teacher as we have to respect their decision, no matter how sad. And, above all, let’s keep up our alert, and remember that free speech and free thinking can never be conquered.
Brain Attacked! Film at eleven!
With that in mind I thought I would open the shadows on my most recent attacker. Perhaps in the light of the sun his or her deeds will illuminate us all.
Yesterday (January 28th) a person calling themselves ONE VISION began posting on sites linked to The Secret Brain. The first thing that I noticed was that ONE VISION was using as his/her profile image a photo of my good friend, the photo of him available on his companies website. I quickly visited other sites and found ONE VISION comments on almost all of them! This began to be very concerning to me. Clicking on the comments took me to ONE VISION's profile which listed two Blogs, secretbrian and secretbryan. Those Blogs contained my friends picture along with links to his professional company blog AND his companies website. They also contained the threat to expose my friend as Artfuldodger! I immediately left a comment warning ONE VISION that what they were doing was CRIMINAL and that my friend and I both viewed this with the utmost concern and would prosecute to the fullest extent of the law.
I immediately wrote all of the bloggers I had email addresses for to alert them to ONE VISION and ask that they delete any and al comments from this criminal. They agreed and the word began to spread. Within a half hour ONE VISION had removed the content from both blogs, and they are now empty.
At that time I had no idea how extensive or far-reaching this attack was and decided that the best course of action was to remove The Secret Brain and see where this would lead. That decision was prompted by the fact that my friend, a married, professional, innocent man, had been dragged into my Sex Blog by association. I did not want, not do I want, any harm to come to him or his reputation. We've been friends for over twenty years, and although we live 400 miles apart we stay in close contact with each other. It is that contact that I believe resulted in the problem in the first place. And it was my mistake that led to it. Again, I have no proof, but the only tie that binds us is a favor I asked of him. In order to post banner images on site such as Clix, LicList and others, you need to post them to public servers. I asked my friend if he had available server space to do so for me. He agreed and created a new site simply to host those images for me. That site is registered in his name. I believe that is the weak link and resulted in him being accused of being the Artfuldodger. That was my mistake, not his.
Last week a comment (from a known blogger) was posted on The Secret Brain that caused me to begin comment moderation. This comment, in quotes, revealed the name of my friends company. I took this very seriously, the blogger in question had never commented on my site previously and has a history with my site. At this time I am not going to name anyone, I certainly will not be the one to attack someone without proof. Suffice it to say that several additional clues have come to light since yesterday that all point to this particular individual. Circumstantial proofs, but I believe by early next week I will have more concrete proof in hand. If that individual is reading this please know that my friend and I plan to pursue this criminal action to the fullest extent available to us. Identity theft is a serious crime and we take it very seriously, as do many of our friends and colleagues. However, there is ONE way out that will result in our forgiveness. Admit it. Simply own up to the fact in public, on your blog, and all charges and future charges will be dropped. Otherwise we will never stop looking for you, now and in the future. I can promise you that much.
Again, I believe that we all must stick together in the face of these ongoing attacks. In my personal case I am currenly considering returning the Secret Brain to operation and taking away my attackers primary weapon against me, my anonymity. Obviously this is a big decision, but if they are so hell-bent on exposing me, perhaps I should do it for them, so they'll leave my friends alone. This is something that I am thinking about for the next few days. There are lots of things to consider before doing that, but currently I am leaning in that direction.
As always, if anyone has any additional information that might help in our investigation, please share it no matter how trivial it might seem. You can do so by leaving a comment here on SIC or by emailing one of the contributors and they can get the information to me. Thank you all. And good luck.
Saturday, January 28, 2006
Bright ways to go dark, part 1
Before getting into the more substantive problem let's dispense with the "trivial" case of site hijacking first. (I say trivial though a single hacker has caused enormous damage because the remedies are technological.)
#1: If you own your domain name don't let it expire! As the fees for registering a domain drop closer to zero and the technology for detecting and picking up expired domains has gotten easier it's just too easy for the spam-minded webmaster to harvest your domain, especially if it's got a good flow of traffic, and replace it with a link farm pointing your erstwhile users to commercial porn, gambling, or viagra sites. Yeah, chances are your users won't come back, but the economics are such that the hijacker can make enough money from the few click-throughs to make it worth his while. Some registries have an automatic renewal feature. Assuming the registrar is at all reliable it's a great idea to use it.
#2: If you get email from someone claiming to represent your blogging host with a "click this link to protect/confirm/change your important information" delete instantly. It's almost guaranteed to be a phishing attack, a bogus message pointing you to a bogus website where you'll politely enter your login name, password in the superficially recognizable forms... and possibly lose your site for eternity! If you just want to make sure, close the email, mark it as spam, then open a new window in your browser and navigate to your blog host through their main URL (e.g. "www.blogger.com") and navigate from there to the site's news page or to your account-info page. If there's something you really need to do you'll find out that way *and* you'll know you've gone to the right place to do it.
#3: Tidbits: A) If you access your site from a public machine make sure you're somewhere reputable. It's not likely that a black hat will go to the trouble of harvesting everyone's names and passwords at their internet cafe but it's always possible. B) *Do* be sure to log out before you leave though. It's far more likely that the next person to use your machine might get curious and look in the browser's history or just click the "Back" button a couple of times to get back into your blog administrator. If you're logged out of that system it won't let do much damage. C) Use a good password -- something easy to remember but hard to forget, preferably something with numbers and capital letters as well as lower-case letters. (My favorite trick is to pick a memorable song lyric or slogan and make an acronym out of it. For instance, "Roll your leg over oh roll your leg over (it's better that way)" becomes Rylo0rylo. Easy to remember, hard to guess.)
More in a following post
Update: Oh bother! I'm not used to Blogger yet and didn't realize I'd gotten comments to my previous post saying people weren't phished via email after all. Yikes! That doesn't mean this advice is invalid. It does mean it's terribly incomplete. Sorry about that. More later though.
To all my blogging friends
The old Artfuldodger is saying goodbye this morning with a heavy heart and a tear in his eye. I started The Secret Brain on December 5th, 2005, less than two months ago. And like everything that I do I put my heart and soul into making it the best that it could be. During this short time I met many wonderful, amazing, talented and open people, people that are among the best that I have ever known. I thank you for that opportunity and for opening your arms to me, and eventually to Lady L as well. We both sincerely appreciate that more than you could possibly ever know.
For whatever reason, The Secret Brain has found itself under attack since the beginning from unknown and known forces that have tried to bring it down. From spam attacks, to hacking, to stealing, to threats and other attempts, someone has had it out for me since day one. I'm not sure of the motivation and it doesn't really matter much to me at this point. This morning was the last straw. The carefully constructed shield is gone and the potential for exposure is all too real. I cannot afford to allow that to happen. And so whoever they are, they have finally succeeded and I hope they are happy this morning, because I am not.
The Secret Brain is gone, never to return. I will be leaving my email intact for the time being and then shutting it down as well. I have some unfinished business with one of your site designs, and for the others who have requested help, please forgive me but I will be unable to complete those projects.
Again, I dearly love you all and have enjoyed my time as a member of your proud community. It would be my pleasure to return someday among you and to always count you as my friends.
Keep the courage,
Artfuldodger - The Secret Brain
Friday, January 27, 2006
Nympho Girl's blog has been hijacked again
Fri, Jan 27, 2006 at 11:47 PMIf you have alternate blog provider suggestions, please post them in the comments.
My blog has been hijacked again. If you go there now, you'll see "FREE VIDEO CHAT CONNECTY LOCALLY!" (sic).
I think I'll have to give up on blogger.com. I'm thinking about setting up somewhere else. I have a friend who has a domain I might set up on, or maybe I'll set up my own domain. Or...do you know a blog provider who's got better security?
Thursday, January 26, 2006
Blogger Buzz: BlogSafer
File under: weird shit
"...just before my blog was apparently first taken over I started getting spam emails from the same source..."
Below is the text of another of these spamails, that she received today... it seems as though the nightmare is not over for her yet. Does anyone have any idea of what is going on here? Is there anything she can do?
Updated five minutes later (if only i weren't so damn quick to click Publish Post, and checked my freakin' email first. Curses!)
Note the above link. It seems to have a list of the HackerAsshole's sites (under 'Celebrities') on the upper left sidebar.
Delivered-To: firstname.lastname@example.orgReceived: by 10.65.156.6 with SMTP id i6cs78355qbo; Wed, 25 Jan 2006 18:48:08 -0800 (PST)Received: by
10.70.28.9 with SMTP id b9mr1689861wxb; Wed, 25 Jan 2006 18:48:08 -0800 (PST)Return-Path:
pcp0011650890pcs.aberdn01.md.comcast.net (pcp0011650890pcs.aberdn01.md.comcast.net [
188.8.131.52]) by mx.gmail.com with SMTP id h20si1840019wxd.2006.01.25.18.48.07; Wed, 25 Jan 2006 18:48:08 -0800 (PST)Received-SPF: neutral (
gmail.com: 184.108.40.206 is neither permitted nor denied by best guess record for domain of email@example.com)Date: Wed, 25 Jan 2006 23:49:03 +0000
From: "Best Offer"
This is a multipart message in MIME format.------=_NextPart_8J679G9GI3DK9FD1HBA090004Content-Type: text/plainContent-Transfer-Encoding: 8bitHello Housewyfe,At this time we can offer a small update at our system - LS-L0 LITA and LITTLE CUTIES!
Studio and our little stars are proud to present their new project. You can now compare this one with our other sites, judge the level of professionalism and exposure of subject, with have never been so high! Starign from over
4,000 HQ pics, the project features sets made in the studio, as well as on the side of nature. http://nonsupport.bigsitedeal.com/7/?antibiotic
Our great and unique offer: for each subscribtion You get access to anotherthree sites from our portal for 31 days... without any additional payments!Simply subscribe, select and use!MSGID: 1FqFKH6O4Zq0EmtingliervDQJNqAuWqIWkg
------=_NextPart_8J679G9GI3DK9FD1HBA090004Content-Type: text/htmlContent-Transfer-Encoding: 8bit
At this time we can offer a small update at our system - LS-L0 LITA and LITTLE CUTIES!
Studio and our little stars are proud to present their new project. You can now compare this one with our other sites, judge the level of professionalism and exposure of subject, with have never been so high! Starign from over 4,000 HQ pics,
the project features sets made in the studio, as well as on the side of nature.
Our great and unique offer: for each subscribtion You get access to anotherthree sites from our portal for 31 days...
without any additional payments!
Simply subscribe, select and use!
Wednesday, January 25, 2006
Don't buy anything with a phishy smell
According to Wikipedia, phishing is
In computing, phishing is a form of social engineering, characterised by attempts to fraudulently acquire sensitive information, such as passwords and credit card details, by masquerading as a trustworthy person or business in an apparently official electronic communication, such as an email or an instant message. The term phishing arises from the use of increasingly sophisticated lures to "fish" for users' financial information and passwords.
See the entire entry on Phishing here
When emails about the latest round of site hacking first circulated it seemed both odd and ominous when people mentioned having just changed their passwords. It sounded like maybe there was a security breach at Blogger/BlogSpot. That would have been a very big deal, since Blogger is owned by Google and they're generally pretty security savvy even if they're a little laissez faire about what happens to the services they provide.
Instead it sounds like one or more individuals have figured out a new Phishing scheme. It explains how people were saying “right after I changed my password...” He’s been using a social-engineering/phishing exploit where he sends you email claiming to be from this or that company saying you need to update some kind of personal information. As a "courtesy" the message contains a link.
Instead of taking you to the company's site, however, The provided link actually goes to a page on the hacker's website that's mocked up to look like the company’s site. You dutifully enter type your name and password, and maybe your credit card numbers, address, social security info and mother's maiden name, and then he’s got it to do whatever he wants.
It’s very, very common to get these from identity thieves, who typically imitate eBay, Amazon, your ISP, or your bank or stock broker. This is just a new twist.
I'm not surprised this has turned out to be a pornography link-pumping scam. Unlike censorious types (who tend to be less subtle and more public) there’s money in it. Sometimes lots of money. This guy was hijacking blogs to make money. Targeting your traffick to make money. Depending on your good name to make money.
The good news? It sounds like he wasn’t hacking people’s passwords directly, probably not even trying to guess them. Instead he used a very old-fashioned way that seems to work fabulously well: he puts on a policeman’s uniform and asks us politely “for your own security, sir-or-mam” and we tend to comply reflexively.
Key defense: If someone claims to be representing a vendor and via email or phone asks for personal information such as account information and, especially passwords, don’t provide it. If there are links in the email don’t click them. If they provide phone numbers don’t call them.
Instead go to the phone book or to Google. Look up the company’s official phone number or website and navigate to the appropriate departments and/or web pages that way.
Phishing has become such a problem that very few if any institutions request information via email any more. They haven’t asked for information over the phone for several decades. Chances are extremely high, therefore, that all messages that include a solicitation for personal information come from criminals who are trying to steal something from you. Just don’t go there.
The other good news, by the way, is that it's safe to change your passwords *IF* you do it via the official Blogger website. And if you've got an easy-to-guess password (security experts say an unbelievable number of people use either "sex," "golf," or "score") then it's *always* a good idea to change it to something a little tougher to guess.
Tuesday, January 24, 2006
Corinthian Couple's Site
Their site had been down for several weeks.
It's now been replaced with a porn site.
You might want to unlink them, if you haven't already. Looks like their site is gone for good.
The lightbulb just clicked for me reading the post below, especially when I got to the name. That's Him!
As most of you know my site was also hacked, along with so many others. For two days I fought to get my words and my site back, fought against a nameless, faceless bastard. I did manage to get it back, with some damage and lost posts, but 95% back and a lot smarter for the experience.
But here is the NEW thing. This past monday a fellow blogger wrote me to inform me that my site was also posted (In total!) at another website: http://bangblog.info
I went there and there was the Secret Brain, in all its glory. Someone had lifted my entire site and transplanted it on another domain. My original site was still intact and what purpose this would serve, I do not know.
I immediately did a WHOSIS on the domain and learned that the domain was owned by Rogerio Anicio Oliveira!! Of course, on Monday I did not know that he was the very same hacker that had nearly destroyed so many of our sites.
I wrote Rogerio a stern formal legal sounding email and he replied in seconds, "Fuck You" was all he said. Alright. I then tracked the ISP provider to Planet.com in Texas and wrote them a nasty, legal sounding email. I also copied Rogerio on that one. Now the ISP provider didn't help much at the time, I would have had to move things along in order for that to happen, but apparently old Rogerio had had enough. Minutes later my information was gone and replaced with a blank blog, which is still there today.
Now I know that those two incidents are indeed related. I thought it would be worthwhile to further inform and warn us all that Rogerio is not stopping at simply hacking and destroying, but obviously has other plans as well.
Forewarned is forearmed. Keep the courage.
Here's the Culprit!
Recently, several adult blogs have been hacked, hijacked, and stolen. This was first brought to my attention by Evil Minx, O, and most recently, The Venting Housewife. Some douchebag has been hacking Blogger accounts, and taking over people's blogs - replacing most or all of the links with links to online porn sites. The disgusting part, is that these sites are sometimes beastiality, or child porn, or "cum guzzling sluts horny for you!".
The Bloggers are permanently locked out of their account, because the asswipe has changed their password. Not only that, but, he changes the email address for the account so that the blogger can not have their password emailed to them. (Like you do when you forget your password.) They get to sit back, and watch as some asswipe runs their blog, their reputation, and their identity into the ground.
By publishing what I am about to, I am making myself a target. (Though, I hope to Christ nothing happens to my little patch of hell...) In the event that this blog gets hacked - and you will know it when it happens, I will immediately move to another blog that you all know well. You'll find it, trust me.
I have found and will now publicly identify the hacker. There is plenty of evidence, which, for reasons of time and energy, I will not post here. However, those who would like to read it can send me an email (see the sidebar), and I'll send you the text document.
So now, lets give a big, warm Corporal Kickyourass Welcome to Rogerio!
Mr. Rogerio Anicio Oliveira is hereby accused of Identity Theft, Hacking, Fraud, and being a complete and utter waste of space. He has been hacking blogs everywhere, to use their links for his own personal gain. This scumbag profits by directing traffic to porn websites. They pay him for the links, and he steals them - and the space needed to host them - from bloggers like you and I. Good people like The Venting Housewife, Housewyfe & Caveman, Desirous, and Viviane have had their blogs used as billboards for smut by this greasy cocksucker.
His address, in the event you would like to send him a nice letter of appreciation for his assault on our identities, our security, and our eyes, is:
Mr. Rogerio Anicio Oliveira
Av. Minas Gerais, 39, AP 201
Centro Santana do Paraiso, Mi
His telephone number, should you wish to contact him, and thank him personally, is +1.333 251 5190. (Oh, and if you are calling from Canada, be sure to add 011 55, before dialing the number.)
Lets not stop there! This cunt operates www.rogerlinks.com, and his blog can be found at Rogerlinks Blog. Lets be sure to stop by, and leave him some comments.
After doing that, we could send him a couple thousand emails. His email addresses are firstname.lastname@example.org, email@example.com, and firstname.lastname@example.org. He often establishes contact first, by sending an email to an adult blogger, looking to trade links. In the email, he provides a link to one of his many sex websites. So, not only is he a hacking cocksucker, he is also a spammer. This guy is some piece of work.
This cunt MUST be stopped. I am urging all of you to make this greasy Brazilian bastards life a living nightmare. We'll flood his Inboxes, Terrorize his blog, and continue to report him to the company that hosts his website, who you can email at email@example.com .
In the meantime, Blogger needs to be held party responsible for this embarrassing lack of security, and their unwillingness to assist those who have been hacked. The hackees that I have spoken to are left at the mercy of Blogger - begging to have their accounts returned to them - trying to prove that they have been hacked. Blogger is a free service, so - they can't be held liable for their stupidity. They have no obligation to any of us, and they have no reason to be speedy in their replies to the cries for help.
But, in the meantime, lets gang rape this hacking motherfucker.
Gains over Morals
I wouldn't put it past some of the religious cocksuckers, but the most recent attacks have been directed at generating profits.
A recent investigation (of sorts) has shown that this is what happens...
1. The hacker gains access to the username and password of the affected Blogger account. This could be by hacking into Blogger itself, or, by sending a bogus email from Blogger, requesting you to change your password. (As in some of the more recent cases.)
2. The password, and the email attached to the account is then changed. This is done so that the actual user cannot have the password sent to their email address. (Thereby regaining control of their blog.)
3. The hacker then changes the links originally on the Blog, and adds some of his own. All of these links are for assorted porn sites. All of which are owned in full, or in part, by the hacker.
4. When regular readers visit the blog, click the links they usually click when reading their friends Blog, they are redirected to one of the hackers sites. All of these sites get the benefit of traffic, and the hacker gets money for generating traffic for these websites.
5. The Blogger is left trying to get their Blog back, with the assistance (HA!) of Blogger. This hacker has, to my knowledge, never released a blog from his control once he has milked its potential.
It is easy to blame those associated with religious, and uppity-bitch groups. And, I don't doubt that some of the hackings have been their doing. But, I've gotten emails from several hacked Bloggers whose links have been replaced with other sex blogs. A religious group would be trying to stop the online sex industry, not helping to spread it around.
Now, the good news. I am still checking some details, but - I will be posting an article at my blog (by tomorrow) giving the hacker exactly what he has coming to him. After that, he will be at the mercy of the Blogging community.
Monday, January 23, 2006
A less immediate but no less real threat
The original use was to protect the phone company from lawsuits for allowing, say, a kidnapper to use a telephone to deliver a ransom message. It's been used more recently to defend ISPs against laws requiring them to screen out erotic or pornographic content. Another instance might be Blogger.com who could argue that since they don't screen people who want to create blogs they're not responsible for content that could be construed as illegal (or even just immoral or unconventional.)
Well, there's a bit of a move afoot by service providers to charge extra to certain web services in exchange for speeding up performance for those sites. For instance for a (not so small) fee AT&T might make Yahoo! pages come up faster than Google's when you surf via their DSL lines.
Yes, there are all sorts of moral, practical, consumer-choice, and ethical issues we could raise over that.
I'm just thinking that with that kind of tailored processing in place it would be a very, very small jump to regulators saying "well, if you can do that then you can also block any web traffic. You want us to approve your scheme you have comply with ours."
Here's a link to the Washington Post TechNews article on the topic that's been knocking around for a day or two: The Coming Tug of War Over the Internet.
I emailed Wendy, and heard back from her:
Naturally, she's pissed as hell. Of course, i advised that she come here and partake of all the knowledge and tips available...
Watch this space, folks...
Friday, January 20, 2006
And if you do get your own domain name ...
I've been investigating this recently, and it turns out that there are a few services which offer anonymous domain registration. This one, for instance. I know a few people who have used anonymous registration and, yes, it does seem to work. But if anyone knows of a few more such services out there, drop the links in the comments.
How to Foil Search Engine Snoops (Wired)
The government isn't asking for search engine users' identifying data -- at least not yet. But for those worried about what companies or federal investigators might do with such records in the future, here's a primer on how search logs work, and how to avoid being writ large within them.
Thursday, January 19, 2006
I need help!
I have a stalker. This is an ex of mine.
He has been harrassing me for several months, in a variety of ways, mostly stupid ones, leaving me disgusting comments, and so on. Recently though, he has shifted his harrassment to my vanilla blog, and to my family, in particular my daughter.
He has been linking my (real) name to porn pages and adding my daughter's name to html pages for porn and uploading them. The crawlers hit them and now when you google us, our vanilla blogs and real names, hits come up for anal teen porn and such... My daughter is only 12 - so he's intentionally sending pervs seeking teenage prostitution to the vanilla blog she and I share - yes... that's one of the pages he has created to link us... teen escort services. Motherfucker!
I took down the blog - so far it hasn't helped.
The sitemeter is rampant with searches for child porn.
And the caches show our names and city.
I'm more than upset.
Trying to stay calm.
I want revenge, but more than that I want to do something about it, I want most of all to protect my lovely daughter.
Like many kids, she has a blog of her own. I have taken her personal blog down, because of the very real possibility that some freak out there might contact her. But the reality is that now any determined pedophile scumbag could still find her, via caches and so on. He has added her name and school to his html pages. I am terrified.
What makes this all the more disgusting is that this man is a parent, with daughters of his own, and you would think that no matter how angry he might be at me for dumping him, he would have enough decency not to put a child in danger.
Anybody out there with ideas PLEASE email me.
I am closing the comments because he IS reading here.
You have a small penis...
Just thought I should share that with you.
And you are terrible in bed.
King of demons my ass.
King of viagra would be more like it.
Of course, with that tiny wrinkled thing I doubt if they'd pay you for advertising.
Sorry folks... needed to get that off my chest.
So please, please shoot me a private email if you have any suggestions or think you can help.
Thanks in advance.
Desperate in the Realm.
Okay, we've opened comments.
Please remember that any 'suggestions' should be sent in private.
And don't forget to say hello... he must really like it here, he's reading every day.
Strange email from Blogger?
Subject: Blogger Account Information
This email is a response to your request for information about your Blogger account. To regain access to your account, please click on the following link:
(Link omitted because I don't want anyone clicking on it! Although I can say that it begins with the standard http://www.blogger.com/ URL )
Clicking on this link will take you to a web page that will let you choose a new password. Once you've submitted your new password, you'll be able to log in to your Blogger account.
If in the process of recovering your password you see the log into Blogger page, please see this Blogger Help article for information on how to fix your browsers cookie settings:
You could also try logging in/recovering your password from a different web browser - we recommend Mozilla Firefox:
The Blogger Team
So could this be some sort of Blogger phishing scam? A way for site-hijacking scum to con their way into your site? I don't know, but I certainly think it's something to be aware of - and wary of. Thoughts?
Monday, January 16, 2006
Thanks a freakin' bundle for the support, Blogger.
My initial reaction was, quite understandably, WTF????
So I clicked the little Help icon, next to the word 'Verification', and was provided with a pop-up, the title of which was "Blogger: Emerging on the other side...: Blog Locked".
It proclaimed the following:
Your blog requires word verification
Blogger's spam-prevention robots have detected that your blog has characteristics of a spam blog. (What's a spam blog?) Since you're an actual person reading this, your blog is probably not a spam blog. Automated spam detection is inherently fuzzy, and we sincerely apologize for this false positive. [Minx's italics, accompanied by a roll of her eyes and an obscene finger gesture.]
Before we can turn off mandatory word verification on your posts we'll need to have a human review your blog and verify that it is not a spam blog. Please fill out the form below to get a review.
Find out more about how Blogger is fighting spam blogs.
Remove word verification from posts
Word Verification: Type the characters you see in the picture below.
[Predictable word verification exercise]
Email Address: [provided]
We'll contact you after we review your blog.
[Send Request button]
Already angered, I clicked Send Request, and was directed to this link:
I'm sorry... what???
I write for my own enjoyment and soul satisfaction. I write about my life, I write about sex, I write erotica, and I write other posts that have nothing to do with either. I do not write spam. I do not condone spam. I hate and abhor spam.
I do not write or perpetuate spam or hacking or anything similar, as you all well know, and is self-evident by my inclusion as a member of this blog.
But according to Blogger's algorithms, my blog has been classed (albeit temporarily) as a "Spam" blog. Because, you know, Blogger knows this shit. Blogger is the world authority. Blogger is capable of preventing mass hacking into peoples' blogs, and interference in bloggers' freedom to write as and what and when they wish.
To which my reply is obscene in the extreme, and deservedly so.
This angers me intensely. Precisely because it is the same kind of illiterate, knee-jerk moralising crap against which we, who unite here, stand.
I quote Holiday, in his eloquent and articulate response to his hacking experience:
"The responsibility of artists, and writers top the list in my estimation, is to offer insights and empathy about the human condition. No mob is more dangerous than the moralistic mob, and so freedom of speech is indispensable."
I quote W. S. Cross, in her post on this blog only a few short days ago:
"...it's a serious subject, especially in a political climate that equates dissent with treason. As President Bush has already stated, he believes the war on terrorism will allow him to trample civil liberties, and ignore the law. Should the administration decide that sexual freedom is a "threat" to core American values, then the current background campaign against sex sites will expand to a full attack..."
I presume that I'm not alone in this. I last posted the day before yesterday, with no such restriction. Although, yesterday when I logged into Blogger, I noticed an option entitled "Skip Authentication".
Well that's a good plan.
Why don't you come out and say it loud and proud, Blogger? A blog that discusses sex is on a par with spam, and is considered as low, meaningless and harmful as such.
Please do not misunderstand me for a second. I am completely and wholeheartedly against the hacking of innocent blogs. I do believe that Blogger should change their security measures, and if this helps stop a blog from being hacked, then that's great.
But to place a moral value judgment on me or anyone else because some stupid naive asswipe jerkoff of a developer at Blogger thinks that the words "fuck" or "orgasm" or "penis" can only mean spam?? Nuh-uh, guys, Not acceptable. I fart in your general direction.
Frankly, I'm all for moving to TypePad. Any advice on how to do that and retain my gorgeous sexy template can be emailed to me at minxy dot grin at gmail dot com.
Thanks a freakin' bundle for the support, Blogger. Now kiss my ass.
Your thoughts and comments welcome. Just give me five minutes to cool down.
Sunday, January 15, 2006
Why you should switch to Firefox now (CNet.com)
Can you imagine the Internet without pictures? A new flaw in the way Windows, and therefore Internet Explorer, renders JPEG images--one of the most common image formats on the Web--should make you think twice about whether you should display them. At the very least, it should nudge you into considering an alternative Internet browser, such as Firefox.
The code to exploit this flaw is now public. Usually, exploit code release is the first step toward a new virus or worm, and as we have seen before, the time from exploit to virus is generally about two to three weeks. In other words, the clock is ticking.
Strong passwords: How to create and use them
Your passwords are the keys you use to unlock your computer and online accounts. The stronger the password, the better the security against intrusion by hackers and thieves, who could use your information to open new credit card accounts, apply for a mortgage, or even chat online disguised as you—and you wouldn't know it until it was too late. It's not hard to create strong passwords. With a small amount of effort on your part and some tricks provided in this article, you can help improve the security of your computer.
|Strong password checklist|
|Create a strong, memorable password in 4 steps|
|Keeping your passwords secret|
|How to access and change your passwords|
|What to do if your password is stolen|
Useful resource: Gibson Research Corporation
Steve speaks on computer security subjects weekly with Leo Laporte (of TechTV's "Call for Help" and "The Screen Savers") in their weekly podcast Security Now!.
The other way someone could steal a username and password, albeit less likely, would be thru the use of a packet-sniffer. A packet-sniffer is a program that picks up all packets off of the network cable you are attached to. You can then sort thru the packets and see the data within the packets.
If the data isn’t encrypted it is possible to find usernames and passwords in the data.
In order to get blogger usernames and password, someone would have to be on an Internet artery that blogger is also on. Your average Joe isn’t going to have access to traffic going to blogger.
In any case, I’ve already sent a suggestion to blogger about getting the login pages encrypted using a certificate system like you would use for credit card transactions (SSL). This would make it harder for the hackers to get the information since it’s encrypted.
In most cases, lacking password and username security is to blame for internet hacks.
Jeff is very much correct that you need to use a combination of upper-case and lower-case, as well as numeric character. I would also encourage the use of special characters such as @%$. It is also important to try and stay away from dictionary words.
Password security is the first line of defense for your blog. Please, please, please, I can't stress enough the need to use strong ciphers for your password. A combination of mixed case letters and numbers is the best protection.
With all these restrictions, how do you come up with a password that is mixed in case, has numbers and specials, and isn’t a dictionary word?
I usually start out with a phrase… such as “Keep Away From My Data You Bastard”, and then I make an acronym out of it… KAFMDYB. This password now needs to have a mix of upper and lower case alpha characters. KafMdyb would work. Now it needs numbers, if all else fails you can go with the date you made the password. KafMdyb0115, it still needs specials. I like to change out vowels for specials… so the final result would be K@fMd*b0115.
You can come up with your own pattern for making passwords, and once you have a pattern or a routine you use, you just stick with it. Using the same routine makes the passwords easier to remember.
Top 10 Netscurity New Year's Resolutions
Another year has flown by. From a malicious code and security standpoint, 2005 continued to see a rise in phishing attacks as well as an evolution to more sophisticated phishing attacks. It was also a year where the malware underground and organized crime continued to join forces to write malware that was not only annoying, but written more professionally and with more financial impact on its victims.
With 2006 just getting underway, we are already in the midst of the first critical security issue, as Windows users, security administrators and the security industry struggle to battle the WMF Image Handling Exploit. But, the beginning of the year is also a time for making New Year's Resolutions. People will resolve to lose weight, quit smoking, get out of debt, and a myriad of other things. History has shown that most people lack the conviction of their beliefs and will never see their resolution through to completion. I have resolved to lose some weight every New Year's Eve for the past decade- still waiting to come up with a plan or the self-discipline to do it, but its a resolution nevertheless.
As you sit down to ponder 2005 and dream about 2006 I wanted to offer some things you can consider using as your Internet / Network Security resolutions. So, here is my Top 10 list of things you can resolve to do to be more secure in 2006:
The Secret Brain's blog is back
Just to let you all know, blogger suspects a Phishing scam is involved here, so be wary of entering your information. Make sure you are on the page you think you are on when you're surfing. I suspect it might have something to do with my previous Hotmail account. Currently you can reach me at the temporary Yahoo email I've set up, but this only a temporary fix, until I can get a good secure email account set-up. (my emphasis)
So, the Secret Brain is back and will be better than ever. I have back up copies of ALL my posts now, safe and secure, so if something like this happens again, we can be back up and running in no time.
Never give up, never surrender. :) -----------------
If anyone needs a Gmail invite, drop me an email.
Google Safe Browsing for Firefox
During the day I am a mid-career System Administrator and Information Security Professional. However, most days it seems my “real job” starts when I get home from work and I sit down at my PC to work on my writings and bloggings.
As a member of the Electronic Frontier Foundation I am against censorship on the Internet. I also believe in that the ability of persons to conceal their identity should be protected.
As a member of the Erotica Readers and Writers Association, I want to be able to promote and post what I write on the Internet without fear of reprisal from the far right.As a Republican, I support my President. I have done work as a military contractor in both Afghanistan and Iraq, and I support the Global War on Terror.
However, that being said, there are some kinds of speech which I do not feel should be protected. Those sites that promote hate, racism, bigotry, or are designed to slander or to do financial harm to others should not be tolerated.
Saturday, January 14, 2006
How to Backup Your Blog, and related news
Some recent posts by bloggers on the current rash of hacks: it appears that the problem is widespread:
Dirty Filthy Princess, on Desireous
Figleaf, who has some great tips on how to shake internet stalkers, as well as how to protect and maintain your anonymity.
Also, here are instructions on how to create a backup for your entire (blogspot) blog:
The above instructions will allow you to create a single file with your entire blog on it, including all of your comments.
Finally, if you'd like to be a team member, just leave your name in the comments here. A number of invites have been sent out already, but absolutely everyone is welcome. There is no requirement for you ever to post at all. The idea is that by being a team member, should you
yourself discover another security issue like the recent one, you can post here about it, and in that way alert the community at large.
And of course, all team members can then post sharing useful information about security in general and ways to protect our privacy.
Blogging is wonderful in part because it is so accessible to people who are otherwise without many tech skills. This very accessibility though means that many people may be inadvertently revealing more than they intend to, and I hope that this can be a place for new bloggers in particular to learn how to best protect themselves.
I'd like to thank everyone who has already posted and shared so generously of their time and knowledge, and particularly the Queen for setting up this blog, Jeff for hosting useful software and making it available to us all (posted about here) and WS Cross for her really excellent post on censorship and its consequences here below.
EFF--A wealth of information!
The EFF is also the initiator of the "Blue Ribbon" campaign for free speech on the internet.
Friday, January 13, 2006
A few very random thoughts
A few things to bear in mind, then:
Although these latest attacks have been from random unknowns, I think there's a much greater likelihood of such things generally coming from people who know you or bear a grudge against you. So it's really important not to give any clues to those around you that you're blogging or even have the faintest idea what the hell blogging is (and although there are thousands of blogs out there, it's still only a tiny percentage of the population who are aware of them). To avoid getting caught, play dumb about blogging. I've spoken to far too many people who claim not to have a blog but seem to know a suspiciously huge amount about them; needless to say, it soon turns out that they've been on the web for years, blogging their string of sexual conquests across the northern hemisphere (possibly). Oh, and a list of blogs in your internet favourites is a dead giveaway too, as well as links to blogger.com or the homepage of your chosen blogging software. Get rid of them and stick the links online, if you must.
Google. Get yourself removed from it - after all, the chances are that 99% of the searches are going to be from sickos and perverts. If there's someone out there searching for blogs to target, why make it any easier for them? And if you think there's even any slight way that your identity could be compromised by your blog, making you searchable, it's another good reason to get your site gone from there. Here's Google's own info on getting removed.
* Oops, sorry folks, I should have been a bit clearer. Unfortunately, you can only do the Google removal trick if your site is hosted on your own webspace (i.e. not Blogger), as you need to place a file there to tell Google not to crawl your site. Sorry - but another potential reason for switching away from Blogger, maybe.
When checking your site stats, don't click on URLs showing where people have arrived from, or else the details of your sitecounter account could appear in that site's own tracking. No, they might not be able to do anything with this info, but who says they can't?
This might not be the case for everyone, and might sound harsh, but if you've got blogs about different sides of your life, avoid sharing anything similar about them, even the slightest detail such as design elements. That particularly includes links or readers. Even the most devoted and trustworthy reader of both sites could make a slip-up one day and reveal something about them.
And although this might sound a bit like biting the hand that feeds, for all its ease of use Blogger sometimes doesn't seem like the most secure blogging package around, does it? Other software is available, as they say, although it's not necessarily free. TypePad offers IP banning and password protection, for instance.
Thank you, suggestion, question
Here's a suggestion. I mentioned it in my own blog too. DON'T send a Word file to anyone...not even through an anonymous email address. Word files have your licensing information attached to them...or in my case, my husband's licensing information. He has a very google-able name. The person I sent my file to now knows my husband's name and where I live. Scary, huh?
The price I pay for being an idiot, I guess.
So here's my question...is there a way to keep your IP address off of other people's site meters? So that when they check, they can't extrapolate from your comment where you live?
Minxing it up...
The freedom to write exactly what and how we feel, with no outside influence, has had an enormous impact on my life -- blogging and otherwise.
Those who would seek to maliciously destroy our freedom are the ones who should be censored. Or, at the very least, have their missions made impossible.
I endorse all previously documented tips, and I add two more:
- If you are working on a standalone network, ensure that you have sufficient firewall security that no-one can access your IP.
- Use a Blogrolling (or similar) account. No-one can add links to your list as there's no copyable code, since all the information is stored securely elsewhere in cyberspace.
(Please feel free to correct me if I'm wrong, but this is the reality as I have been given to understand it.)
Stand with us, not against us. And do, please, comment the love and support...
Safe Sex Blogging
In the meantime, we should continue to spread the word that sex is a positive, life-affirming function of healthy adult behavior-- not the sinful, horrible work of the devil that some religionists would have us believe. Men and women (and men and men, women and women, and men and women and women and men) have been enjoying their bodies since before we evolved. We should live joyfully, love fully and completely, and never let those bastards grind us down!
Let your fellow writers and bloggers know that you won't be intimidated by hackers or video preachers or campaigns to demonize sex. Sexual expression is natural, and the growing market among mainstream consumers for sexual materials should hearten all of us to realize that the average American shares our interest in sex and things sexual. So celebrate and be free!
Protecting Your Anonymity
clear your history after every visit
set your computer not to share passwords
if possible do not sign in to blogger site when log onto a network (people> can gain access through your computer)>
lastly have no info posted that can be linked to real life
use an email account dedicated only to your blog, and not linked to you in any other way.
Gmail and hushmail are best. Yahoo and hotmail will reveal your IP in the headers.
Never check your email from work.
Why we are here...
Im writing every blogger I know about a certain problem. A number of
blogs and their authors are under attack. So far the blogs in question
have been sex blogs hosted on Blogger. There appears to be a weakness
in Blogger's security system. In the last two days I have heard from 2
separate bloggers whose accounts were hacked. In one case the blog was
replaced with links to sites featuring child pornography and
In yet a third case, a sex blogger's URL was sent to her boss, and
the blogger in question received emails threatening to reveal her
personal information to others.
In the two cases of hacking that I have heard of, both bloggers had
changed their passwords recently. The only other commonality (as far
as i know) appears to be that both write sex blogs, and both are
hosted on blogger--these blogs don't even link each other.
There seems to be some reason to suspect that the attacks are
I'm writing to warn people, and to solicit ideas that any may have to
My current suggestion: forward this email or its content to anyone you
know who could be at risk. Perhaps we could set up a blog to post
updates and exchange information about techniques for protecting our
anonymity. One obvious move is to not login to your blog from a work
server, but this is not practical for everyone.
I am sending this email to those of you I know in the blogging
community, but individually, so that our email addresses remain
private. So it's a form letter---my apologies.
Sunday, January 01, 2006
SIC BADGE (On Black) - 128 x 128
CODE: (Remember to change the * to < > )
*a href="http://stopinternetcensorship.blogspot.com/" target="_blank"**img src="http://photos1.blogger.com/blogger/6934/1931/1600/SICblk128.0.jpg"**/a*
SIC BADGE (on White) - 128 x 128
CODE: (remember to change the * to < >)
*a href="http://stopinternetcensorship.blogspot.com/" target="_blank"**img src="http://photos1.blogger.com/blogger/6934/1931/1600/SICwht128.jpg"**/a*
THE ORIGINAL FFF BUTTON 80 x 30
CODE: (remember to change the * to < >)
*a href="http://stopinternetcensorship.blogspot.com/" target="_blank"**img src="http://photos1.blogger.com/blogger/6934/1931/1600/FUicon.0.gif"**/a*
SIC TEXT BADGE - 80 x 50
CODE: (remember to change the * to < >)
*a href="http://stopinternetcensorship.blogspot.com/" target="_blank"**img src="http://photos1.blogger.com/blogger/6934/1931/1600/SIC80.jpg"**/a*
SIC is open to any current blogger regardless of platform, length of blogging, or subject matter. Contributors will be expected to conduct themselves according to SIC guidelines and can be subject to censor or removal, by a majority vote of contributors, should they fail to do so. Such censor or removal is not subject to appeal and the ruling of such a majority is final.
Please contact either O, Demon Queen or ArtfulDodger (The SIC Administrators) to request contributor status.