May 13th, 2010 Brian Herzog
A funny thing happened to me on Twitter - someone started impersonating me.
What? I'm not famous. I know there's more than one person with my name, so I wasn't too surprised to see another Brian Herzog start following me. But when I clicked into the profile to see read their tweets, it turned out that someone had duplicated my account. Their username was @syuhaedah, but were using my name, the same bio line and same location - the only difference was their website was a tinyurl (which I never clicked, but was able to preview).
It kind of freaked me out, so here are the steps I took:
- Click the "report as spam" link in the email from Twitter you get when someone starts following you
- Read their Privacy Violations and How to Report Spam pages
- Found Twitter's Impersonation Policy and opened a ticket to report it
Within a few hours I got a follow-up response from Twitter, and by the next day that account had been suspended. I feel bad bringing the hammer down like that, but it definitely felt like a spambot or other violation of both me and Twitter.
And how bizarre - I can see when someone sets up a fake Barack Obama or Conan O'Brien Twitter account, but me? So, be careful with both your own identity and that of your organizations.
I got lucky in that this account started following me, or else I may have never known about it. I guess I'll start to periodically use Twitter's Find People and Advanced Search (with operators) to check for this sort of thing.
May 6th, 2010 Brian Herzog
Here's something neat - and vital for library staff, both for those who directly provide computer help to patrons and for anyone else who uses a computer in their daily life:
A recent Slashdot post linked to a test to see how well people can identify spam, scam and phishing email messages (which can happen to anybody).
The test is provided by SonicWall, and would be a great for:
- taking as a group during a staff meeting or training day
- testing new employees to help protect your network and increase their tech competency
- showing to students and computer literacy classes to teach them to evaluate websites and email messages
After you're finished, be sure to click the "why" links on the test results to see exactly what looks suspicious and what are the red flags - that is the most helpful part of the test.
Tags: competencies, competency, email, libraries, Library, phishing, public, quiz, scam, scams, security, spam, test
August 18th, 2009 Brian Herzog
After reading Jessamyn's post about the spam and scams she gets through her website, I started actually reading the spam comments that come in here.
Most are caught by the filters and I just delete them. But reading them can be interesting, in a forensic sort of way. And some, like this one, were just downright entertaining:
It’s not so simply to bring a good written essay, essentially if you are concerned. I advise you to notice buy your essays and to be devoid from distrust that your work will be done by essays writers
Irony: it linked back to "quality essay dot com." I didn't visit the site, but the domain was registered through an ISP in California although the IP traced to The Netherlands.
Spam amazes me. If people didn't fall for it, spam might not be so prevalent. But you'd have to be pretty desperate to fall for an essay-writing scam with such poor grammar.
July 16th, 2009 Brian Herzog
The recent article about graffiti at the University of Chicago Library has finally given me a chance to clear out links in my "to blog" folder.
So, graffiti - when does it cross the line? Graffiti commonly seen in academic libraries can be ugly, but it can also be part of the culture and community of the campus. It's a way for students to communicate with their peers - even those that come years later. That's unique, and interesting.
In the public library world, I more often see graffiti (a.k.a. "annotations") in books. On first blush, it's annoying, but is it really that bad? And in fact, is it a good thing?
These things are not too distant from Web 2.0 tools allowing comments and reviews, really. Same rules apply: leave your opinion for others, don't be offensive, can be removed at any time, etc. The marginalia of life can add a great deal of value to life (just ask a genealogist).
It might not all qualify as "art," and any open forum will attract spam, but that doesn't mean graffiti doesn't offer some unexpected value - it can bring a smile, answer a question, provide experience-based assistance, or just make a connection with an unknown predecessor.
I know this is a never-ending debate, so in the meantime, here are some graffiti- and anti-graffiti-related links I've been collecting:
Spam ("Inbox Graffiti")
June 5th, 2008 Brian Herzog
If there's the least glimmer of money to be made, I suppose anything is susceptible to being corrupted. I recently got a spam comment on one of my flickr pictures.
I've heard of IM spam before, and get spam comments here all the time, but this is the first time I've seen it on flickr.
I deleted the comment (preserved in screencapture form) and won't link to the flickr user or his website. I wonder if this is automated or just someone commenting on any photo that mentioned "web designer" just to promote his business.
Oh well - just life on the internet, I suppose.
October 25th, 2007 Brian Herzog
I'm going to leave it on for awhile longer, just to see what happens. I think I'll end up switching back to the math challenge, but I sure do like the way jcap looks. Oh, and another advantage of the math challenge is that I think it is ADA-compliant, in that it can be read by screen reading software - the CAPTCHA images (at least in this version) cannot.
If you want to try installing and testing yourself, here's the steps I used:
1. Download the zip file from http://www.archreality.com/jcap/jcap.zip
2. Unzip the file (two .js files and one image directory) to your webserver where ever you want them - just remember, because you'll need to reference this location later
3. Modify jcap.js
- line 10: change the imgdir variable path (to the cimg/ directory) to reflect where it will be on your webserver (be sure to keep the trailing slash after the cimg)
Note: I used absolute path (http://www.domain.com/cimg/) instead of a relative path (../cimg/) because this lets you put the captcha on various pages that may be on different levels within your directory structure
4. Modify your html page on which you are including the captcha word verification
- Include in the <head></head> tags these two lines (be sure to modify the path to reflect where ever you put these files on your server:
- Include the attribute below to your <form> tag that processes your script:
(for example, yours might read <form action="http://www.domain.com/cgi-bin/email_ref.cgi" method="post" onsubmit="return jcap();">)
- Include the lines below within your form where you want the word verification to display:
Enter the word seen below:
<input type="text" name="uword" id="uword" value="" size="20">
<input type="hidden" id="required" name="required" value="uword">
Note: I ended up changing the "uword" field name (be sure to also change the field name on lines 84 and 92 of the jcap.js file). My logic was that, since this was the only script out there I could find, spammers probably already know to look for a field named "uword." But even with using a different field name, spam still comes through
Optional Extra Error Checking
This has nothing to do with this particular script, but I added it just for error-checking convenience. This is totally optional. The line below can be added to your submit button tag to make sure people fill in all the right fields - you'll have to edit it to reflect the fields you want to make "required"
Good luck. If anyone has a better solution, please share.