Monthly Archives: August 2007

on anonymous Russian hacker blogspam

Why sure, anonymous Russian commenter! Here’s my password right here!

Assuming the idea is to harvest valuable passwords from the hopelessly naive, and not something more subtle, it’s an interesting economics problem. Spamming (or in this case, phishing so crude that it looks like spam) works on the assumption that even if only one person in ten thousand ever buys your product, you can make a thousand sales if you send to ten million people. So why not ask a million bloggers for their passwords? Maybe a few will slip up and give you good information.

Whoever wrote the script to send this spam might also consider writing letters to every billionaire on Earth asking for a thousand dollars on the assumption one of them is sure to say yes. After all, there are plenty of billionaires, none of them will miss a thousand dollars, and maybe one will be in an indulgent mood, or senile.

The appeal of such an approach comes from an intuitive or actual appreciation of the fact that [tex]P(\mathtt{totalrejection}) = P(\mathtt{individualrejection})^N[/tex]. That is, if there’s a 90% probability of being rejected on one request, then if you ask twice, there’s only an 81% probability that both requests will be rejected. Ask ten times and there’s only a 35% chance all ten will reject. By the time you ask 50 times, there’s only a 0.5% chance you will get 50 rejections. If the cost of making a request is very low and the benefit of even a single acceptance is high, [tex]P(\mathtt{individualrejection})[/tex] can be very high indeed. This is the probabilistic mechanism which makes spam profitable.

So can that work for spamming a million bloggers to ask for passwords? Or a thousand wealthy people asking for money? Maybe, but it’s different from simple spam advertising. If you’re selling, say, Viagra through an online pharmacy, there’s no cost to you until you also receive the benefit: the customer goes to your automated web site, pays via credit card, and only then do you step in to package and deliver the goods. Here, Anonymous Russian Hacker has to incur a cost without any guarantee of benefit. If I send him a password, he has to visit the site, log in, and look for something worthwhile. And since I know this, it makes trying to lure the hacker into a honeypot much more attractive: it makes it more likely that the cost will have to be undertaken without increasing the (marginal) probability of benefit.
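To make the arithmetic concrete, here is an added Python example (my own, not code from the original post) that computes the total-rejection probability from the formula above and then extends it with the cost/benefit asymmetry just described: a per-response cost for the attacker and a share of decoy (honeypot) responses. The campaign figures in the `__main__` block are constructed for illustration.

```python
"""Economics of mass requests: a tiny per-request acceptance probability is
enough when requests are nearly free and each acceptance pays well.  Password
phishing differs from advertising spam in that every response costs the
attacker follow-up effort, so decoy responses (honeypots) eat into profit."""


def p_total_rejection(p_reject: float, n: int) -> float:
    """P(all n independent requests are rejected) = p_reject ** n."""
    return p_reject ** n


def p_at_least_one_acceptance(p_reject: float, n: int) -> float:
    """Complement of total rejection: at least one request succeeds."""
    return 1.0 - p_total_rejection(p_reject, n)


def expected_profit(n, p_accept, cost_per_request, value_per_acceptance,
                    cost_per_response=0.0, honeypot_fraction=0.0):
    """Expected profit of a campaign of n requests.

    cost_per_response: attacker work spent on each response before any
      benefit is seen (zero for an automated pharmacy order, positive for
      logging in with a harvested password and looking around).
    honeypot_fraction: share of responses that are decoys; they cost the
      same follow-up work but yield nothing.
    """
    responses = n * p_accept
    genuine = responses * (1.0 - honeypot_fraction)
    revenue = genuine * value_per_acceptance
    cost = n * cost_per_request + responses * cost_per_response
    return revenue - cost


def honeypot_fraction_to_break_even(n, p_accept, cost_per_request,
                                    value_per_acceptance, cost_per_response):
    """Smallest decoy share at which expected profit drops to zero.
    Returns 0.0 when the campaign already loses money with no decoys."""
    full_revenue = n * p_accept * value_per_acceptance
    cost = n * cost_per_request + n * p_accept * cost_per_response
    if full_revenue <= cost:
        return 0.0
    return 1.0 - cost / full_revenue


if __name__ == "__main__":
    for n in (1, 2, 10, 50):
        print(f"{n:3d} requests: P(all rejected) = {p_total_rejection(0.9, n):.3f}")
    # Constructed figures (assumption): a million requests, one acceptance in
    # ten thousand, each harvested password worth 20 units, 5 units of effort
    # per response.  Profit is 1400; decoys must reach 70% to zero it out.
    args = (1_000_000, 1e-4, 0.0001, 20.0, 5.0)
    print("expected profit:", expected_profit(*args))
    print("decoy share to break even:", honeypot_fraction_to_break_even(*args))
```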

The Brochus

The Brochus, originally uploaded by Mister Wind-Up Bird.

The Brochu brothers get Simpsonized! All my brothers and I did ourselves as Simpsons, and I used my mad photoshop skills to put us into the same picture! Seamless.

Left to right: Eric, Lee, Tyson, Luc.

California Trainscape

California Trainscape 2, originally uploaded by Mister Wind-Up Bird.

Be Kind Rewind trailer

Remember a couple weeks back when I said that The Darjeeling Limited and No Country for Old Men are my two most-anticipated upcoming films? Sure, we all do. This is number three, Michel Gondry’s upcoming movie about a video store clerk (Jack Black) who accidentally erases the store’s inventory with his magnetic head and has to remake classic movies like Ghostbusters and Robocop.

Joss Whedon interview

Woah, I totally missed this while I was at SIGGRAPH. A huge, awesome interview with Joss Whedon on The AV Club, talking about Wonder Woman, Goners, The Office, life, art and the universe.

At the risk of sounding like the fan-boy I am, there are few people in this world I admire as much as this man. Not only is he responsible for Firefly, Buffy and Angel, three of the very best series to ever appear on TV (and Serenity, one of the best Science Fiction films EVAHR), but in interviews and commentaries he always comes across as funny, gracious and extremely smart. Just a class act all around.

I’ve contemplated getting a “WWJWD” tattoo, but that might just be taking it too far. I’ll settle for one day naming my children after Joss Whedon characters.