Automagically speaking ..........

[~BD~]

Quote:
******

Established almost four years ago, Nohack aims to provide a source of
information, help and advice for those who have unfortunately become
infected with one of the many trojan horse or virus programs which
abound on the internet today.

Nohack is run by a group of volunteers who investigate, categorise and
develop removal procedures for most viruses and trojans almost as soon
as they are released.. The team is based mainly on the DALnet IRC
Network but has contact with many other networks and anti-virus vendors.
The Nohack project is a strictly non-profit, volunteer effort, supported
entirely by the goodwill of those who take part.

The programs and instructions contained within this site have been
tested to the best of our abilities and are believed to work as stated,
however we can accept no responsibility for any damage or loss of data
which may result from their use. Users should always ensure they have a
working data backup before attempting any kind of virus or trojan
removal. If you are not confident with basic system administration, you
may be well advised to seek the help of a competent friend or computer
specialist before attempting any of the procedures detailed here.


**

Has anyone here stumbled across this group? Web site ......

hxxp://www.nohack.net/

[Aardvark]

On Sun, 21 Nov 2010 08:13:45 +0000, ~BD~ wrote:

> Has anyone here stumbled across this group? Web site ......
>
> hxxp://www.nohack.net/

Live link, not obfuscated. I've told you before- if you want to obfuscate
a link, substituting the letter 'x' for each 't' in 'http' doesn't cut
the mustard.



--
"En un lugar de la Mancha, de cuyo nombre no quiero acordarme,
no hace mucho tiempo que vivÃ*a un hidalgo de los de lanza en
astillero, adarga antigua, rocÃ*n flaco y galgo corredor."
-Cervantes, 'Don Quixote'

[~BD~]

Aardvark wrote:
> On Sun, 21 Nov 2010 08:13:45 +0000, ~BD~ wrote:
>
>> Has anyone here stumbled across this group? Web site ......
>>
>> http://wxw.nohack.net/
>
> Live link, not obfuscated. I've told you before- if you want to obfuscate
> a link, substituting the letter 'x' for each 't' in 'http' doesn't cut
> the mustard.

I thank you for restating that. I seem to think we didn't actually
finish that discussion. However, it was the venerable David H Lipman,
resident guru here on alt.privacy.spyware, who advocated that it *does*
obfuscate a link!

Perhaps it simply depends on which newsreader is in play, eh?

If you look here, does the link 'work'? What happens?
http://groups.google.com/group/alt.p...3d096df?hl=en#

(It sort of 'works' for me - I get a warning from Google!)

However, in SeaMonkey, the link is *NOT* live. Piccie .......
http://i52.tinypic.com/raoqw6.jpg

Aardvark, using Linux as you do, did you click on the 'live' link to
take you to the site? Have you any means of knowing whether or not
malware of any kind is or is not downloaded onto a visitor's computer?

D.

[Aardvark]

On Sun, 21 Nov 2010 11:53:39 +0000, ~BD~ wrote:

> Aardvark wrote:
>> On Sun, 21 Nov 2010 08:13:45 +0000, ~BD~ wrote:
>>
>>> Has anyone here stumbled across this group? Web site ......
>>>
>>> http://wxw.nohack.net/
>>
>> Live link, not obfuscated. I've told you before- if you want to
>> obfuscate a link, substituting the letter 'x' for each 't' in 'http'
>> doesn't cut the mustard.
>
> I thank you for restating that. I seem to think we didn't actually
> finish that discussion. However, it was the venerable David H Lipman,
> resident guru here on alt.privacy.spyware, who advocated that it *does*
> obfuscate a link!
>

Perhaps in the mail client he uses as a newsreader, yes.

> Perhaps it simply depends on which newsreader is in play, eh?
>

I should think that if you only **** with the 'http' portion of a link,
the bit beginning 'www' will still be live. Try posting a link twice-
say, to Google's home page- without the 'http colon slash slash'. In the
first, keep the 'www' intact, in the second change the middle 'w' to an
'x' and then check the results in your newsreader. Try a test group
without any crossposting, eh.

> If you look here, does the link 'work'? What happens?
> http://groups.google.com/group/alt.p...browse_thread/
thread/304948b4e3d096df?hl=en#

In your OP, the link is clickable, as I would expect. In my reply, it's
still clickable- no surprise there. Then in your next post you have
successfully obfuscated the link, as it brings up a 'Server not found'
message in Firefox.

Did you not realise that you don't have to place 'http://' before a link
beginning 'www' for it to be live?

>
> (It sort of 'works' for me - I get a warning from Google!)
>
> However, in SeaMonkey, the link is *NOT* live. Piccie .......
> http://i52.tinypic.com/raoqw6.jpg

SM appears to have an idiosyncratic way of dealing with links, it seems.

>
> Aardvark, using Linux as you do, did you click on the 'live' link to
> take you to the site?

<http://img717.imageshack.us/img717/8167/screenshotqbp.png>

Is what I see on clicking the link.

I typed the link directly into my browser's address bar and went straight
there. It was quite amusing. Try it with your Mac if you're too
frightened to do it with your Windoze machine.

It seems to me that Google has wrongly categorised the site, and I know
why now.

> Have you any means of knowing whether or not
> malware of any kind is or is not downloaded onto a visitor's computer?
>

I suppose if I could be bothered, I could study the page source. If I
could be bothered.

> D.

A.



--
"En un lugar de la Mancha, de cuyo nombre no quiero acordarme,
no hace mucho tiempo que vivÃ*a un hidalgo de los de lanza en
astillero, adarga antigua, rocÃ*n flaco y galgo corredor."
-Cervantes, 'Don Quixote'

[~BD~]

Aardvark wrote:
> On Sun, 21 Nov 2010 11:53:39 +0000, ~BD~ wrote:
>
>> Aardvark wrote:
>>> On Sun, 21 Nov 2010 08:13:45 +0000, ~BD~ wrote:
>>>
>>>> Has anyone here stumbled across this group? Web site ......
>>>>
>>>> http://wxw.nohack.net/
>>>
>>> Live link, not obfuscated. I've told you before- if you want to
>>> obfuscate a link, substituting the letter 'x' for each 't' in 'http'
>>> doesn't cut the mustard.
>>
>> I thank you for restating that. I seem to think we didn't actually
>> finish that discussion. However, it was the venerable David H Lipman,
>> resident guru here on alt.privacy.spyware, who advocated that it *does*
>> obfuscate a link!
>>
>
> Perhaps in the mail client he uses as a newsreader, yes.

Maybe as the resident guru (well, *he* thinks he is!) he should take
account of the fact that posters to the newsgroups use many and various
newsreaders.

>> Perhaps it simply depends on which newsreader is in play, eh?

He should not give false information AND no one here has ever corrected
him as far as I'm aware.

> I should think that if you only **** with the 'http' portion of a link,
> the bit beginning 'www' will still be live. Try posting a link twice-
> say, to Google's home page- without the 'http colon slash slash'. In the
> first, keep the 'www' intact, in the second change the middle 'w' to an
> 'x' and then check the results in your newsreader. Try a test group
> without any crossposting, eh.

OK - I'm convinced. Thanks for your guidance.

>> If you look here, does the link 'work'? What happens?
>> http://groups.google.com/group/alt.p...browse_thread/
> thread/304948b4e3d096df?hl=en#
>
> In your OP, the link is clickable, as I would expect. In my reply, it's
> still clickable- no surprise there. Then in your next post you have
> successfully obfuscated the link, as it brings up a 'Server not found'
> message in Firefox.

Great. It did so for me too.

> Did you not realise that you don't have to place 'http://' before a link
> beginning 'www' for it to be live?

To be honest - no! I'd never even thought about it to be frank (instead
of Dave, just for a change! <G>)

>> (It sort of 'works' for me - I get a warning from Google!)
>>
>> However, in SeaMonkey, the link is *NOT* live. Piccie .......
>> http://i52.tinypic.com/raoqw6.jpg
>
> SM appears to have an idiosyncratic way of dealing with links, it seems.

I don't have a great deal of experience in such matters.

>> Aardvark, using Linux as you do, did you click on the 'live' link to
>> take you to the site?
>
> <http://img717.imageshack.us/img717/8167/screenshotqbp.png>
>
> Is what I see on clicking the link.

Thanks. Identical to my experience.

> I typed the link directly into my browser's address bar and went straight
> there. It was quite amusing. Try it with your Mac if you're too
> frightened to do it with your Windoze machine.

Hey! Credit where it's due. These are only *machines* and I'm most
certainly not in any way frightened of them! I hate to think how many
times I've broken and fixed any number of them, going back to Commodore
64 and the BBC computer days!

I'd gone to the link with my Mac before posting here. I thought it a bit
of fun too. I'd like to have seen some detail on the group responsible
though - with some means of contacting them. Maybe you've come across
*this* group? http://www.team-cymru.org/

> It seems to me that Google has wrongly categorised the site, and I know
> why now.

Probably. Only Google *really* knows!

>> Have you any means of knowing whether or not
>> malware of any kind is or is not downloaded onto a visitor's computer?
>>
>
> I suppose if I could be bothered, I could study the page source. If I
> could be bothered.

I'll take that as a no, then! ;-)

Cheers

Dave

[Aardvark]

On Sun, 21 Nov 2010 21:50:16 +0000, ~BD~ wrote:

> Aardvark wrote:
>> On Sun, 21 Nov 2010 11:53:39 +0000, ~BD~ wrote:
>>
>>> Aardvark wrote:
>>>> On Sun, 21 Nov 2010 08:13:45 +0000, ~BD~ wrote:
>>>>
>>>>> Has anyone here stumbled across this group? Web site ......
>>>>>
>>>>> http://wxw.nohack.net/
>>>>
>>>> Live link, not obfuscated. I've told you before- if you want to
>>>> obfuscate a link, substituting the letter 'x' for each 't' in 'http'
>>>> doesn't cut the mustard.
>>>
>>> I thank you for restating that. I seem to think we didn't actually
>>> finish that discussion. However, it was the venerable David H Lipman,
>>> resident guru here on alt.privacy.spyware, who advocated that it
>>> *does* obfuscate a link!
>>>
>>>
>> Perhaps in the mail client he uses as a newsreader, yes.
>
> Maybe as the resident guru (well, *he* thinks he is!) he should take
> account of the fact that posters to the newsgroups use many and various
> newsreaders.
>

He's obviously a Micro$oft droid through and through and thinks the only
software worth having is Redmond's best (oxymoron alert!).

>>> Perhaps it simply depends on which newsreader is in play, eh?
>
> He should not give false information AND no one here has ever corrected
> him as far as I'm aware.
>

See above. Forgive him, he knows not what he does.

>> I should think that if you only **** with the 'http' portion of a link,
>> the bit beginning 'www' will still be live. Try posting a link twice-
>> say, to Google's home page- without the 'http colon slash slash'. In
>> the first, keep the 'www' intact, in the second change the middle 'w'
>> to an 'x' and then check the results in your newsreader. Try a test
>> group without any crossposting, eh.
>
> OK - I'm convinced.

****! That was easier than usual.

> Thanks for your guidance.
>

Think nothing of it.

>>> If you look here, does the link 'work'? What happens?
>>> http://groups.google.com/group/alt.p...browse_thread/
>> thread/304948b4e3d096df?hl=en#
>>
>> In your OP, the link is clickable, as I would expect. In my reply, it's
>> still clickable- no surprise there. Then in your next post you have
>> successfully obfuscated the link, as it brings up a 'Server not found'
>> message in Firefox.
>
> Great. It did so for me too.
>
>> Did you not realise that you don't have to place 'http://' before a
>> link beginning 'www' for it to be live?
>
> To be honest - no! I'd never even thought about it to be frank (instead
> of Dave, just for a change! <G>)
>

How can you never have noticed that a link beginning with 'www' is just
as clickable as the same link preceded by 'http://'?????

>>> (It sort of 'works' for me - I get a warning from Google!)
>>>
>>> However, in SeaMonkey, the link is *NOT* live. Piccie .......
>>> http://i52.tinypic.com/raoqw6.jpg
>>
>> SM appears to have an idiosyncratic way of dealing with links, it
>> seems.
>
> I don't have a great deal of experience in such matters.
>

Nor do I, really. That was merely an observation as a result of this
conversation here.

>>> Aardvark, using Linux as you do, did you click on the 'live' link to
>>> take you to the site?
>>
>> <http://img717.imageshack.us/img717/8167/screenshotqbp.png>
>>
>> Is what I see on clicking the link.
>
> Thanks. Identical to my experience.
>
>> I typed the link directly into my browser's address bar and went
>> straight there. It was quite amusing. Try it with your Mac if you're
>> too frightened to do it with your Windoze machine.
>
> Hey! Credit where it's due. These are only *machines* and I'm most
> certainly not in any way frightened of them! I hate to think how many
> times I've broken and fixed any number of them, going back to Commodore
> 64 and the BBC computer days!
>
> I'd gone to the link with my Mac before posting here. I thought it a bit
> of fun too.

The best way to get a serious message across is with humour. That would
appear to be the path they've taken there.

> I'd like to have seen some detail on the group responsible
> though - with some means of contacting them. Maybe you've come across
> *this* group? http://www.team-cymru.org/
>

Nope.

>> It seems to me that Google has wrongly categorised the site, and I know
>> why now.
>
> Probably. Only Google *really* knows!
>

I can guess- sto0pid Windroid clicks on a link somewhere which takes him
to that site. On the first page of the site is a moving bar telling him
how much of his HD has thus far been erased. He then scrabbles furiously
to get the **** away from this site that's killing his system, and once
he's wiped the beads of adrenalin-driven perspiration from his deeply
furrowed brow, he reports the site to Google, his ISP, his missus, his
dog and Uncle Tom Cobbleigh and all.

The next thing, Google have placed a block on accessing the site from its
search pages.

QED.

>>> Have you any means of knowing whether or not malware of any kind is or
>>> is not downloaded onto a visitor's computer?
>>>
>>>
>> I suppose if I could be bothered, I could study the page source. If I
>> could be bothered.
>
> I'll take that as a no, then! ;-)
>

Very quick on the uptake there.

The only oddity of any sort I found on the page was one link ('Securing
Your Network') that didn't point internally towards the site's own
structure, but outwards towards some German place-holder with some kind
of flash animation which never quite starts:

<http://www.mishscript.de/enu/misc/network/index.htm>

> Cheers
>

Whatever.

> Dave

Aardvark



--
"En un lugar de la Mancha, de cuyo nombre no quiero acordarme,
no hace mucho tiempo que vivÃ*a un hidalgo de los de lanza en
astillero, adarga antigua, rocÃ*n flaco y galgo corredor."
-Cervantes, 'Don Quixote'