The Smell of Molten Projects in the Morning

Ed Nisley's Blog: Shop notes, electronics, firmware, machinery, 3D printing, laser cuttery, and curiosities. Contents: 100% human thinking, 0% AI slop.

Tag: Rants

And kvetching, too

  • Busted For What I’ll Never Know

    Busted For What I’ll Never Know

    An email from Electronic Arts arrived in an email account I haven’t used in over a decade:

    Welcome to your EA Account!
    Your EA Account serves as an all-access pass to everything EA, from websites and mobile apps to console and PC games.

    Seconds later:

    Your EA Security Code:
    <<< redacted, not that it matters >>>
    If you didn’t request this code, please go to your My Account page and change your password right away. For assistance, please contact EA Help.

    Thanks for helping us maintain your account’s security.

    Not ever having had an EA account nor being in the process of signing up for one, I did nothing.

    After a few more seconds:

    Dear EA Insider,

    Thanks for signing up. We’re looking forward to bringing you the latest news and information on your favorite games.

    All the emails look to be genuinely from Electronics Arts, not scam emails routed through the usual sketchy / compromised servers.

    Four days later:

    Dear Customer,

    We are contacting you regarding your EA account.

    We wish to notify you that we have found your account to be in violation of our User Agreement or our Terms of Sale, and due to the nature of this violation we are left with no option other than to permanently close your account with immediate effect.

    Which looks much more impressive in email HTML:

    EA Account Closing
    EA Account Closing

    Although I did not respond to the Security Code message, the scammer surely used a phone number under his (it’s always a he) control, because “2FA” really means “pick an authentication method that lets you in”.

    Just for the amusement value, I fed that email address into the EA sign-in page, hit the “Forgot my password” button, and got a Security Code just like the scammer didn’t. I suppose I could change the password and discover / change the phone number, but that would put me in full ownership of an account used for nefarious purpose.

    I sometimes wonder what else happens using my identity.

    A good prosecutor could nail me for Third Party Retro-associative Complicity and, if I didn’t already live in Poughkeepsie, send me up the river.

    This likely came from the old Thingiverse compromise, although that address also appears in the recent dump of a thousand dumps.

  • Optimum Internet: Wall o’ Words

    Optimum Internet: Wall o’ Words

    So. Many. Tiny. Words.:

    Optimum flyer fine print
    Optimum flyer fine print

    For the record, the typeface in that block of Fine Print is 1 mm tall = 3 point, which I find barely readable without magnification and impossible to follow without a pointer.

    I’ve come to realize being a “valued customer” does not mean what businesses want me to think it means.

  • SVG Attack Vector

    SVG Attack Vector

    An obvious spam email blew past the filters:

    Spam SVG Audio - email
    Spam SVG Audio – email

    You can tell it’s spam, too. Right?

    Those of you running Windows should have undone whatever setting removes file extensions from the usual views, because by default Windows won’t bother you with such trivia.

    But, hey, maybe an SVG file can contain an audio recording. I mean, there’s an online file converter for that, so it must be a thing.

    Spoiler: Audio-in-SVG really is a thing.

    Having been around this block a couple of times, though, let’s peek inside the SVG file with a text editor:

    Spam SVG Audio - attachment
    Spam SVG Audio – attachment

    Huh. Not an audio recording, but a Javascript one-liner with a URL/URI/IRI/whatever aiming Your Default Browser at a presumably compromised server.

    I didn’t go further, but surely the payload would wrestle Your Default Browser into a position allowing insertion of a remote compromise.

    Well played, spammer!

    Just another entry in the “Why friends don’t let friends run Windows” category, despite knowing whenever security and convenience come into conflict, convenience always wins.

  • Bizarre Spam

    Bizarre Spam

    Thanks to Google Translate:

    Mrs Sgt Candy Payne spam
    Mrs Sgt Candy Payne spam

    It’s not clear why a Sergeant in the US Army would translate her request for help into Simplified Chinese so I can better understand it, but that’s the world we live in.

    This deposit would move my Quality-of-Life needle, but certainly not in a good direction:

    Mrs Sgt Candy Payne spam - detail
    Mrs Sgt Candy Payne spam – detail

    Today I Learned: there are humanitarian doctors connected with the Red Army in Morocco.

    The cost of sending this junk must be low enough to fuel the spam machine from a minuscule response rate.

    A pox on their collective backside!

  • Medicare Advantage Mail Merge: FAIL

    Medicare Advantage Mail Merge: FAIL

    A postcard arrived last week telling me to call a special number for special deals on Medicare Advantage plans. Being that type of guy, I managed to read the microscopic Fine Print and found this amusing blooper amid the disclaimers weasel wording:

    Medicare Advantage mail spam
    Medicare Advantage mail spam

    Inserting insurance carrier names should have happened before printing the card, so [CarrierA] and [CarrierB] are either placeholders or mail-merge variables.

    Also, you’re seeing the contrast-blown and magnified version of the postcard. The original Fine Print had faint orange ink on light green cardstock: colors having different hues with the same saturation and value to minimize legibility. In general, folks eligible for Medicare Advantage plans have trouble reading Fine Print, so the choice was not accidental.

    Not a compelling value proposition, as they say.

  • 7 mm Tactile Switch Pinout

    7 mm Tactile Switch Pinout

    As is usually the case, the assortment of tiny switches arrived with no pinout documentation. The 6 mm square SMD switches were easy, but the 7 mm through-hole switches posed a puzzle.

    With the switch standing to make the return spring visible as shown, the pinout looks like this:

    7mm Tactile Switch pinout
    7mm Tactile Switch pinout

    TIL, somewhat to my surprise, both the latching and momentary 7 mm switches have DPDT contacts!

    Now I know how to wire the next thing …

  • If Only I Were A Hotel

    Every few days this month, a Korean company has sent identical spam email messages to a series of plausible, albeit unused, addresses at softsolder dot com:

    As a forward-thinking hotel, we know you prioritize cleanliness and guest satisfaction.
    That’s why we’re excited to introduce Harington, an advanced sterilization device designed to provide
    99.99% bacteria and germ elimination for toilets, ensuring the highest standards of hygiene for your guests.

    Wikipedia reminds us Sir John Harington gets credit for inventing the flush toilet, thus explaining the device’s name. Surprisingly, a casual search with the obvious keywords suggests a different origin story much closer to the (nominal) company sending the spam.

    Another sentence definitely gained something in translation:

    A short but happy time spent on the toilet with a trustworthy friend who protects my secret and precious place from bacterial infection!

    The emails have an unsubscribe link, but experience shows clicking only encourages the senders.

    I wonder how much they spent to buy whatever list says my domain is a hotel …