(I saw all this on Slashdot, but I figure it'll benefit from a little examination. And not all of the three people who will read this frequent Slashdot, so there's no repetition anyway.)
The latest Net craze is phishing: bogus emails, pop-ups and spams which attempt to get the recipient to disclose personal or financial information. Ebay, PayPal and large banks/credit cards are the primary targets. In a nutshell, these fake messages usually try to get people to update or verify their account information. Some say that an account might be deactivated unless the person goes through some steps to keep everthing current. Others ask for an address or phone number update, but you need to "verify your identity" first. The most audacious ones inform "the customer" in as scary a way possible that someone's stolen their account info, and may even tell them to be careful of phishers when reinstating their account. Nearly all offer handy and helpful links or buttons that the user can click on to get started with the information exchange immediately. Isn't that nice of them?
Usually what happens is that those links and buttons are crafted so that they exploit features or weaknesses in most browsers and email clients such that you think you are, for example, going to Household Bank's web site. But you're really going to a very real-looking but completely fake mock-up of a Household Bank page on, say, a Russian web site. This bogus web page saves the personal information you give it, and then the people running the scam either bilk you outright or sell your personal information to people who will then either bilk you or steal your identity. Some of the more fancy phishing schemes even dump you back on a page at the real, official web site after the update or verification or whatever is over. All the better to make people think they were at Citibank's site all along, I guess.
You'd think that emails saying "Hi, we here at Paypal would like you to click this link and enter all your financial and personal information please" would get immediately canned, but phishing apparently has a success rate of about 30%. It's very scary how real some of the phishing scams can look. How many times do you look at the "hover text" when you mouse over a link? How closely do you look at URLs when you finally click that link? How many times do you open a new browser window before going to a web site where you'll have to enter confidential information? When did you disable HTML content in email? Yeah, I thought so. It's a pain in the ass to conduct yourself securely online, so most people don't.
Go take the Phishing Test and see how you do.
By the way, I got 10 out of 10 correct. Whether that's because I knew what to look for in a fake or because (I use a text-only email client) I've never seen a real email from a bank before and so couldn't get lulled into complacency by a logo or whatever, I don't know. I suspect a combination of the two. Because they were all basically new to me, I did read over the email for each question pretty carefully looking for clues. Any spelling or grammar errors, for instance, immediately got it tagged as fake. Whether I'd scrutinize an email in my inbox that closely I don't know. I would pick up on fake URLs. I have to manually copy links in emails and paste them in a separate web browser window in order to view them, and I'd probably notice I was pasting links like http://. Actually, I'd probably just delete the email, even if it was legitimate. If my bank or credit card company wants to deal with me, they can buy a stamp. There are some things the Internet isn't good for.
I've always loved Javadoc. It made it really easy to create documentation along with your code. While I'm a commenting freak (even when I'm in a huge rush I sometimes add comments while I work), I've found myself leaving out comments when I should have taken the time to add them. "I'll add comments later..." almost never happens. If you don't have the time to do it right the first time, why would you htink you'll find the time later?
So I've been wanting a Javadoc-style commenting/documentation system for PHP (which is what I've been 80% of my code in the last couple years). By lucky chance, I happened on PhpDoc. It parses comment blocks and creates documentation. Way cool. I think I'm going to start using it, see if I like it.
So my Aliens rifle thing (I'm building one; don't ask) led me to this prop-makers message board. It's basically for people who make, sell, and/or buy movie props, but it also features folks who dress up as Yoda and go out in public for no good reason at all. People who think they're elves. People who write fan fiction. That sort. You know the types.
Now, I'm not bagging on people who dress up and go to sci-fi or comic conventions. It takes all kinds. It's just that there's a big difference between owning a halloween costume from one of your favorite movies and making a lifestyle choice out of a fantasy, you know? I've gone to more than a few conventions in my time, and more than a couple of those with a costume. I might go again one day. Still, I couldn't stifle a chuckle at the plight expressed in this poor fellow's post. All he wants is to be Spider-Man. Is that too much to ask? I feel bad for the kid...
The nadir of the geek experience, to be sure.
Devo's version of "I Can't Get No Satisfaction" beats the shit out of the Rolling Stones' original version, hands down.
That is all.
These altered Spider-man comics are some of the funniest things I've read in a while. Slightly homophobic, sure, but Peter Parker was always slightly ambiguously gay.
And bonus points to anyone who can find the Tess-ism in one of them.
I just willingly entered my credit card number on a Russian web site. Yeah, you heard right: they have my number and everything. I'm livin' on the edge, man. I paid them 145.32 Rubles. Five bucks. Now I can download 500 megabytes of MP3s. First up, the soundtrack to The Big Lebowski, in MP3 format at a 192kbps bitrate. Total cost? 72.7 cents. They have a lot of old stuff there too. Why go to all the trouble of digitizing your vinyl when you can get the stuff from a questionably-legal Russian web site for a penny a minute?
I'm pretty sure that I won't be using emusic.com or the iTunes Music Store very much anymore.