Your leaking thatched hut during the restoration of a pre-Enlightenment state.


Hello, my name is Judas Gutenberg and this is my blaag (pronounced as you would the vomit noise "hyroop-bleuach").


decay & ruin
Biosphere II
dead malls
Irving housing

got that wrong

appropriate tech
Arduino μcontrollers
Backwoods Home
Fractal antenna

fun social media stuff

(nobody does!)

Like my brownhouse:
   how to collect credit card numbers with PINs
Sunday, August 10 2003
Today was the Sunday I discovered that there are no hardware stores open on Sunday in Saugerties. I desperately needed some romex clamps, but the closest I came to obtaining some was at one of those liquidator places that stays open on Sundays. The liquidators (who had set up shop in a beautiful old 19th Century factory - had some things that were pretty close to romex clamps - they had spools of romex wire, electrical tape, and even pipe clamps) but they didn't have what I'd come for. Neither did the mirror-façaded Price Chopper, the ugliest structure within walking distance of downtown Saugerties. It turned out to be nothing more than a supersized grocery store, the sort building codes should strictly prohibit.

The following content appeared today in my inbox as an HTML email message:

Dear PayPal Customer


This e-mail is the notification of recent innovations taken by PayPal to detect inactive customers and non-functioning mailboxes.

The inactive customers are subject to restriction and removal in the next 3 months.

Please confirm your email address and credit card information by logging in to your PayPal account using the form below:


Email Address:
Full Name: 
Credit Card #: 
ATM PIN (For Bank Verification) #: 

This notification expires September 31, 2003

Thanks for using PayPal!

Superficially, I was fooled into thinking this actually was a message from PayPal. It looked like other PayPal emails I've received, but what was this about asking me for my credit card number and PIN number? That seemed pretty suspicious. So I did a "view source" to see where the form intended to send my data. This is where:

Notice the use of an "@" in the URL. That's an old spammer trick to hide the true form's target, the part that follows the @. If I were to type my info into that form and hit "Log In," the information would go to As far as I can tell, is a free webpage provider, sort of like Geocities. Imagine someone filling that form out and sending their information to an anonymous web account! I'll bet a sizable fraction of the people receiving this email did just that. It only takes one or two to make the sending of this "social hack" spam an extremely valuable endeavor.

For linking purposes this article's URL is:

previous | next