Absurd Correspondence with some Corporation
I recently noticed that my Tripod web site had been suspended “because of a phishing attack and or possible identity theft attempt”. I don’t have much more to say about it because a casual glance at the site should make apparent that this claim is patently false: for one, I’m pretty sure the site was last touched before the term “phishing” was even coined, and at no point has it ever contained any content that could possibly be construed as a phishing attack.
This both astonishes and bemuses me, since it should be immediately obvious to anyone who so much as glances at the site that it’s not masquerading as any kind of business or requesting any kind of personal information at all. That said, I’m mostly curious as to what kind of response this will get me, and whether anyone will be able to illuminate the doubtlessly ludicrous grounds for the suspension. I would like to see the site put back up since, after all, I didn’t take it down myself, and the idea that it facilitated any sort of identity theft is so laughable a claim that I can’t possibly believe any human could have investigated it.
Hello and thank you for contacting Lycos support. I apologize for the delayed response.
If you have an old site and the script is not up to date, it will be very vulnerable to attacks. In this case it appears as though your account had malicious code inserted, which is not always obvious when browsing the site as it is the site code itself that is the source of the problem. Unfortunately this is the case with your account which is why we have closed it.
If you would like to bring your site online again simply sign up a new account and upload a backup of your web files.
I do understand your frustration in this matter but we have no choice but to close any hacked accounts as they threaten the security of all accounts on our server, as well as cause a number of other obvious problems.
If you have any further questions or concerns, please let us know.
[name redacted]
Lycos Customer Service
http://help.lycos.com
Hi [name redacted],
I appreciate your response, but I must confess that I’m confused. For starters, I was not using any server-side scripts of my own on my site. (To be sure, I would have liked to, but the particular scripts I had wanted to use were unable to run on Tripod’s servers because of—ironically enough—security concerns.) The closest anything on the site came to that, as I recall, were some pages created with FrontPage that would have used extensions installed on your servers—but those would have been maintained by Lycos, not me, as I had no access to those server-side components. Thus if there were any malicious code inserted on my site by “the script,” it would have had to have been caused by security vulnerabilities in code that was neither uploaded nor maintained (nor maintainable) by me.
Second, the notion that you must “close any hacked accounts as they threaten the security of all accounts on our server” reads like a weak excuse—I’m not sure whose policy that is, but whoever approved it appears to not understand basic principles of security. Any reasonable server configuration would isolate the security of other users’ accounts from that of my own; else there would be nothing stopping me from intentionally adding malicious code to my own site so that I could maliciously subvert the security of other accounts on your server. I don’t imagine that that would be possible, and if it is, that’s again indicative of security vulnerabilities of your own that are entirely outside my own control. If I am somehow mistaken in the assumption that my site could not actually pose any security vulnerabilities to other accounts on your servers, I would encourage you to forward my comments to whoever would be in the best position to audit your own security practices.
Furthermore, your suggested remedy that I create a new account from a backup is fundamentally flawed: if I were running vulnerable scripts on the first account, they would obviously still be on the second account, since I’ve been given no indication as to how this malicious code (which I haven’t even been able to look at myself) was allegedly added to my site. (Throw in the fact that I wasn’t running any scripts at all and it makes matters doubly confusing.) In addition, creating a new account necessitates using a new web address; since Lycos would still be hosting the site, it’s unclear to me how hosting a potentially vulnerable site at a different address would be anything other than an inconvenience for me and whatever visitors I may have had while providing no benefits to Lycos or “the security of all accounts on [your] server”. Lycos’ policy in this regard seems as though its biggest advantage is that it rewards the efforts of malicious hackers by permanently rendering their victims’ sites inoperable.
Thanks for your time.