Tags: linux, servers
ldunbar, speaking as someone who is a master at Social Engineering (and some other skills not to be mentioned in a public forum ;-), I can say that this information can definately be used for maliscious purposes.
Let’s say for example, that I own a business and ship orders within 20 zipcodes locally to me (ground courier). I can whip up a script to pump href="http://www.ucdweb.com/cgi-bin/dbsearch.exe">their zipcode search engine daily with those known zip codes to see what customers are buying and at what frequency, and begin an advertising campaign to move those customers to using my services instead. I could also use that as a way to determine where my next new sattelite office should be located, based on who in the surrounding area codes is buying the highest volume of parts. Kudos to ucdweb.com for providing me with such a useful, public system for doing a demographic study for my business. Now I don’t have to hire anyone to do this for me. I could also drop a name into Four One One and get their address and telephone number. Call them on behalf of the shipper, request a work telephone and ‘best-time-to-deliver’, and use that as a means of exploiting the consumer (or rob their house)
I would use these examples when speaking to them again. They might have a change of face when they realize that they would be liable, and their records would be open to investigation if someone was murdered or something as a result of the information obtained from this type of “service“.
I was just reading a book by John Douglas called ‘Obsession; The Psyches of Killers, Rapists, and Stalkers‘ a week or two ago (mentioned in my diary here) and it details a few people who have gone to lengths like this to get information on people to exploit, torture, and murder them. One guy was stalking a female coworker in his office. He came in on the weekend, called “weekend” security and said he had forgotten his desk keys, and gave them the desk number. They gave him a new set, but didn’t realize he had given them the number to the locks on his target’s desk instead. He opened her desk, made an impression of her house keys, and made dupes. He would enter her house and leave or take things from the house, but she never knew. One day as tensions mounted, and she thwarted his advances, he left a copy of the key in an envelope under her windshield wipers. It got uglier from there, but I won’t go into the gory details here.
Never underestimate what people will do given access to information. The internet is making it easier for these things to happen, and become less and less traceable. A simple kiosk in an “Internet Cafe” can serve as a anonymous terminal to get information on anyone.
XML Tree Support?
To all the XML/XSLT gurus: Is there a tool out there which works under linux, either in a browser or standalone (even Java will do) which allows me to expand and collapse an XML document by branches, the way IE does it? I happened to stick my XML book’s cdrom into a spare Windows machine and go through the examples on it under Windows, and noticed that IE has a really nice method of displaying and manipulating the raw XML document with a nested tree view. I can collapse/expand any nodes at any level. It would be nice to have this in a linux flavor.
Advogato Search Engine
I’m not sure who mentioned it first, but the diary.xml function of Advogato is pretty nice. So here’s my idea, and others are welcome to pick at it. What if we grabbed all the diaries from the People section and indexed them by date and stuffed them in MySQL or ht://Dig so people could search on topics, keywords, or other criteria? lkcl, perhaps this would make a good addition to your new XMLvl site.
Anyone want to begin coding the beast?
I’m sure everybody has already seen, heard, or been a part of the noise regarding Andover.net being down a few times this month. VA is having financial troubles. All of this is sitting on VA-owned equipment and servers, AFAIK, and VA is supposed to stand up for the Linux community. SourceForge is supposed to be a service dedicated to helping developers in the open source community. OSDN is supposed to be a support network for these developers and services.
$ HEAD jobs.osdn.com 200 OK Cache-Control: private Connection: Keep-Alive Date: Thu, 05 Jul 2001 21:23:47 GMT Server: Microsoft-IIS/5.0 Content-Length: 26757 Content-Type: text/html Client-Date: Thu, 05 Jul 2001 21:27:35 GMT Client-Peer: 188.8.131.52:80 Set-Cookie: ASPSESSIONIDGGGQGNRK=MLAAGFMAHGGPCHLAGOLIFLMD; path=/
My spoof domain, http://www.sourcefubar.net is now up and routing. I’m still working out some security issues, but it should go live soon.
The troubles with NSI continue. I have now faxed them copies of my license, my passport, initiated another printed request, this time on “company letterhead”, and made sure that the address of the domain owner (gnu-designs.com, Inc.) matches that on my CT license, my passport, and on the “company letterhead”. All four documents (passport, license, request, and company letterhead) include my title (CEO/Owner) and my signature, and all signatures match. There can be no confusion that this is indeed me. Next we resort to DNA and blood samples. I just want to point my domain to a new DNS!
I notice that my typing speed has increased (as have my errors), and my ability to “understand” problems and fix them is much faster than it was even a month ago. I think this has something to do with diet, and sleep. I’ll have to experiment a bit more with this. This is definately a place I’d like to remain. Find, analyze, fix, all in minutes. Success.
Does anyone find these two images a bit… scary? (remnants of the Nazi regeime where you were “encouraged” to turn in your neighbor):
Ok, back to this Embedded Linux Course. Almost done, only a few more days left to design and test the labs, and then I’m done.