JaBbA's Hut

This one was reported on the Antiphishing working group as an active Phish, but it's really something else. Not that you'd actually want this to happen to you.

This is an email from a 'Vonage affiliate' named ankle4.com. They seem to be offering VoIP long distance service, and I'm sure they are - but that's not their main line of business. The code behind this email is FULL of 'web bugs' - each image reports that your email address has opened and read the email, even if it's just in a preview frame. Then, if you click on the link, it reports that not only did you read the email, but you RESPONDED to it.

Ankle4.com is probably getting paid to track and collect email addresses for future marketing schemes. IOW, they're SPAM enablers. Anklebiters, more like.

To avoid this, use Mozilla Thunderbird. It won't display remote images that may contain webbugs until you click a button to allow the images.

Finally! The FTC is going after Spybot.net, the company that infects your machine and then sends you ads offering SpyWiper for $30. From The Register:

The software exploits a flaw in Microsoft's Internet Explorer to gain access to a computer without the users' knowledge. The spyware interferes with the operation of the web browser, causes CD-ROM trays to slide open, slows down the computer or causes it to stop working entirely. The spyware then invokes a number of pop-up messages which urge consumers to buy programs called Spy Wiper or Spy Deleter to fix the problem for a fee of $30. Regardless of the veracity of the FTC's allegations, this tactic is not unknown among unethical spyware developers.

"tactic is not unknown" indeed. Ethical Spyware companies:

http://www.lavasoftusa.com/
http://www.safer-networking.org/ (Don't make the Cheney mistake! DO NO USE safer-networking.com !!)

The people who make Hooked on Phonics took the list of people who signed up on their site and sold it.

But wait a minute, the site had a privacy policy that said they wouldn't do that!

What they didn't tell you is that they changed the policy - after the fact

The FTC busted them. They had to pay a fine. Oh, good. Government doing its job.

Except the fine was the exact same amount of money that they made from the sale! $4,600.

That's Four Thousand, Six Hundred dollars.

Yeah, they'll think twice before doing THAT again!

JaBbA says thanks to Prometheus Unleashed for the link.

A recent court decision in Boston Federal Court applied a very old concept to the store-and-forward nature of electronic mail.

Essentially, the courts decided that if an email was "stored"...for any length of time... on a server, it was "owned" by that server and the email could be copied and stored for any reason. Federal wiretap laws do not apply, then, and only a much lower level warrant is needed to gain that information. The laws applied here were intended to apply to records stored in a filing cabinet, not for a few milliseconds on a hard drive.

This came up when a online bookstore got a brilliant idea - offer free email services for their customers, and then read the email to find out if they were buying from competitors. Amazingly, this decision got them off the hook!

Mark Rasch has a good discussion of the issue at SecurityFocus.