Ian's blog

Is this really true?
I am looking at the m tag page and I see

(Plan 1) Baltimore Region Commuter Plan: (Fort McHenry Tunnel, Baltimore Harbor Tunnel, Francis Scott Key Bridge, John F. Kennedy Memorial Highway and Thomas J. Hatem Memorial Bridge) Pay $20 for 50 trips that are valid for 60 days. Because tolls are collected only in one direction at the JFK Highway and Hatem Memorial Bridge, two trips are deducted for each passage.

That would mean that it is .40 a journey through the tunnel. So if I make 5 trips in 60 days I break even. I am not quite sure how I missed this when I enrolled.

This had me wondering for about 10 seconds.

I got an email that looked like a paypal email.

Date: Tue, 06 Jan 2004 23:29:07 +0000
From: PayPal.com
To: XXXXX
Subject: IMPORTANT vozvshas
Parts/Attachments:
1 Shown 13 lines Text
2 14 KB Application
—————————————-

Dear PayPal member,

We regret to inform you that your account is about to be expired in next five
business days. To avoid suspension of your account you have to reactivate it by
providing us with your personal information.

To update your personal profile and continue using PayPal services you have to
run the attached application to this email. Just run it and follow the
instructions.

IMPORTANT! If you ignore this alert, your account will be suspended in next
five business days and you will not be able to use PayPal anymore.

Thank you for using PayPal.

vozvshas

This was good, but not that good. It has an application attached called www.paypal.com.pif. It is probably hoping that I am first of all reading the email on a windows box, second that I don’t have view file extentions switch on. This would make it the attachment appear as www.paypal.com, so a user might click on it to update.
Second it has a whole load of spaces then vozvshas at the end. This is sign of junkmail. They use this to track who replies to the email. That would be hard in this case since the from address is @paypal.com.
Third if you look at the headers you will see

Received: from [4.10.152.172] (helo=localhost)
by punt-3.mail.demon.net with smtp id 1Ae0dE-0003og-4Y
for demon-web@dirk.demon.co.uk; Tue, 06 Jan 2004 23:29:07 +0000

I know that punt-3.mail.demon.net is my isp’s email server so I know the email came from 4.10.152.172, it also said it’s name was localhost. If this was a real email server on the internet it would have said its real name not localhost.
Forth. I have never used this email address for a paypal account.

I am curious to see what virus is in the attachment but I won’t see that till I get home.
Moral of the story don’t trust anything that is asking anything relating to money.

Got an email from the isp for projectphotos.net (this is my secondary sever) saying that they got hacked. I checked my index.html and this is what is had.

xC0d3r3d and shellc0de ownz your b0x
Infektion Group
uid=0(root) gid=0(root) groups=503(xpreshost) Linux makoto.xpreshost.com 2.4.9-34 #1 Sat Jun 1 06:25:16 EDT 2002 i686 unknown 2:54pm up 245 days, 3:49, 0 users, load average: 0.02, 0.28, 0.28 USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT

I managed to convince my car insurance company to give me the 5 year good driver discount. My policy started on the 13 of Jan and my first US drivers license was on the 16th of Jan. They are basically canceling and restarting my policy on the 16th so I can get a discount of a whopping 21 dollars. AS I said on the phone every penny counts.