Last night I went to Woodbury High School’s web page to check the schedule, to see if my high school friends had the day off today. Well they didn’t, but that doesn’t matter for now. What I found instead was weird javascript code inserted into the schedule. It slowed down the page load so much, that I decided to investigate.
Viewing the source of the page [image] [html], I discovered that the root domain, nuclear3.com had a very odd looking whois record [Archived - DNS | Contacts] [Current]. I then checked out the whois record on the IPv4 address for the www A record [archived] [current]. Well the www A record is hosted by Ecommerce Inc [trace], but the A record for e.nuclear3.com is apparently part of the Chinese school system [nslookup] [apnic.net whois record] [trace]. How ironic!
Cracking/Hacking
sql injection, xss
I went out to get the mail today, as I always do when home, so I have some reading material for lunch. I drop the stash of mail on the kitchen table and spot another one of my (now deceased) Grandpa’s spam mailers. What is interesting and annoying is that places like Young America’s Foundation (affiliated with the Reagan Ranch and National Journalism Center) continue to send propaganda mailers even after my mom had (on her father’s behalf) sent mail to many of these places telling them to stop. On a couple of occasions my mom did get responses from a few places … in the form of “return to sender - address does not exist”.
The YAF folks have been the most vivacious of snail-mail spam senders. So I decided to subscribe them to some e-spam right up their alley: free gift cards from hooters, a playboy mailing list, viagra offers, offshore banking, and an email from one Jose Carleta asking for some help on getting a green card. Plus, there should be a few credit card offers coming in to them via phone and snail-mail. They are upper-class white folks, they should have the money to help out Jose and buy some viagra. Don’t ya think?
In case you care to know a bit more about who these folks are, there contact page is here. Here is their current whois record as of August 21st, 2008.
Cracking/Hacking, Society, Web
Young America’s Foundation
The past few days, I’ve been working on this “deviant webventure” called XSSLink.net. For all practical purposes it is done. Unfortunately though, the hosting provider the script host is on, hostbot.com, adds tracking codes to every webpage. I’ve talked to the support staff about removing their added tracking codes that interfere with using the scripts and that should be cleared up quite shortly. Other than that it should be ready to go. Enjoy, and if there are any errors, please get back to me.
Cracking/Hacking, Web
xsslink
