Detail, east Portland photo, courtesy Miles Hochstein / Portland Ground.

For old times' sake
The bojack bumper sticker -- only $1.50!

To order, click here.

Excellent tunes -- free! And on your browser right now. Just click on Radio Bojack!

E-mail us here.


This page contains a single entry from the blog posted on March 4, 2009 9:34 AM. The previous post in this blog was "At some point it doesn't make sense". The next post in this blog is Need medical help?. Many more can be found on the main index page or by looking through the archives.



Law and Taxation
How Appealing
TaxProf Blog
Mauled Again
Tax Appellate Blog
A Taxing Matter
Josh Marquis
Native America, Discovered and Conquered
The Yin Blog
Ernie the Attorney
Above the Law
The Volokh Conspiracy
Going Concern
Bag and Baggage
Wealth Strategies Journal
Jim Hamilton's World of Securities Regulation
World of Work
The Faculty Lounge
Lowering the Bar
OrCon Law

Hap'nin' Guys
Tony Pierce
Parkway Rest Stop
Along the Gradyent
Dwight Jaynes
Bob Borden
Dingleberry Gazette
The Red Electric
Iced Borscht
Jeremy Blachman
Dean's Rhetorical Flourish
Straight White Guy
As Time Goes By
Dave Wagner
Jeff Selis
Alas, a Blog
Scott Hendison
The View Through the Windshield
Appliance Blog
The Bleat

Hap'nin' Gals
My Whim is Law
Lelo in Nopo
Attorney at Large
Linda Kruschke
The Non-Consumer Advocate
10 Steps to Finding Your Happy Place
A Pig of Success
Attorney at Large
Margaret and Helen
Kimberlee Jaynes
Cornelia Seigneur
And Sew It Goes
Mile 73
Rainy Day Thoughts
That Black Girl
Posie Gets Cozy
Cat Eyes
Rhi in Pink
Ragwaters, Bitters, and Blue Ruin
Rose City Journal
Type Like the Wind

Portland and Oregon
Isaac Laquedem
Rantings of a [Censored] Bus Driver
Jeff Mapes
Vintage Portland
The Portlander
South Waterfront
Amanda Fritz
O City Hall Reporters
Guilty Carnivore
Old Town by Larry Norton
The Alaunt
Bend Blogs
Lost Oregon
Cafe Unknown
Tin Zeroes
David's Oregon Picayune
Mark Nelsen's Weather Blog
Travel Oregon Blog
Portland Daily Photo
Portland Building Ads
Portland Food and
Dave Knows Portland
Idaho's Portugal
Alameda Old House History
MLK in Motion

Retired from Blogging
Various Observations...
The Daily E-Mail
Saving James
Portland Freelancer
Furious Nads (b!X)
Izzle Pfaff
The Grich
Kevin Allman
AboutItAll - Oregon
Lost in the Details
Worldwide Pablo
Tales from the Stump
Whitman Boys
Two Pennies
This Stony Planet
1221 SW 4th
I am a Fish
Here Today
What If...?
Superinky Fixations
The Rural Bus Route
Another Blogger
Mikeyman's Computer Treehouse
Portland Housing Blog

Wonderfully Wacky
Dave Barry
Borowitz Report
Stuff White People Like
Worst of the Web

Valuable Time-Wasters
My Gallery of Jacks
Litterbox, On the Prowl
Litterbox, Bag of Bones
Litterbox, Scratch
Ride That Donkey
Singin' Horses
Rally Monkey
Simon Swears
Strong Bad's E-mail

Oregon News
The Oregonian
Portland Tribune
Willamette Week
The Sentinel
Southeast Examiner
Northwest Examiner
Sellwood Bee
Mid-County Memo
Vancouver Voice
Eugene Register-Guard
OPB - Portland
Salem Statesman-Journal
Oregon Capitol News
Portland Business Journal
Daily Journal of Commerce
Oregon Business
Portland Info Net
McMinnville News Register
Lake Oswego Review
The Daily Astorian
Bend Bulletin
Corvallis Gazette-Times
Roseburg News-Review
Medford Mail-Tribune
Ashland Daily Tidings
Newport News-Times
Albany Democrat-Herald
The Eugene Weekly
Portland IndyMedia
The Columbian

The Beatles
Bruce Springsteen
Joni Mitchell
Ella Fitzgerald
Steve Earle
Joe Ely
Stevie Wonder
Lou Rawls

E-mail, Feeds, 'n' Stuff

Wednesday, March 4, 2009

Probable phish alert

I got a pretty convincing phish message in yesterday's e-mail that purported to be from Comcast, our internet provider. It looked like this:

I foolishly clicked on the link, which sent me to a log-in page that looked pretty authentic:

I logged in, and then was directed to a page that asked for stuff like an address, a phone number, and a Social Security number. I actually started entering that data before it dawned on me that I might be being had. Fortunately I hadn't yet clicked on "Submit" or "Send."

Sure enough, retracing my steps, I noticed that the link I originally clicked on out of the e-mail message had as part of the URL address "" That is an address in China. Maybe Comcast is operating out of China these days, but I doubt it. I hightailed it out of there and logged on to Comcast a different way. I changed my password and am hoping that's the end of it.

It sure doesn't seem legit.

Comments (26)

Well you better change your real log on name and password because they have that now.

oh you did,,,,,,,

You might want to file an IC3 complaint.

Someone is spoofing my email address for spam. The emails originate in Romania and other overseas places. I filed an IC3 complaint and also made a report to Interpol about one email which came from the computer of a Russian government agency.

You can cut and paste the email header into your complaint so that the real source can be identified.

Yup. In these HTML-ized emails, the link you're reading may not be the actual link you're going to.

Often that's legit (for click-counting purposes), but it can also be used to do phishing scams.

Most companies have now moved to a no-links policy when sending emails about people's passwords, finances, etc. They just tell you to visit their website - which means you'll have to type in the address yourself... ensuring your safety.

I'm surprised that you would be fooled by such an email!

Of course now you've learned your lesson, always CALL first before filling out anything like that!

It's the only growth industry left:

I got something almost identical supposedly from AT&T.

I hope you are all at least reporting and forwarding these emails to the purported senders so that they can put out warnings to their customers.


You know you should have phish on Fridays.

Curses foiled again !!!

My moderate republican associates and I will have to resort to the double super secret plan b.......

I got something similar from my "provider" recently. The rule is to never, ever give out your password. Any email asking for your password is bogus.

That was what was so tricky about it. It didn't ask for my password in so many words. It asked me to log in, and from a page that looked more authentic than most of these that I've gotten over the years.

Maybe Comcast is operating out of China these days...

Certainly not for the network services - they only like a government where they can put the fix in, not vice versa.

I get at least a dozen of those a day from banks, credit unions, the IRS, and other companies and agencies from all over the world. It is hit or miss: eventually they send one from somebody who I actually have an account with.

Rule of thumb: If an official-looking email doesn't mention your name in the text of the email, it is not from who it says it is from.


Just curious, had you had "several failed login attempts"

No, but the implication of the e-mail message was that someone else was trying to get into my account, and Comcast had blocked those attempts.

Alas, I fell for a similar phishing site. I thought I was logging-in to Wells Fargo, with the intent of doing some online banking.

The log-in site requested the usual log-in name and password (typical of the real Wells Fargo site), then I was told something like, "For the ongoing security of your online account, please type your PIN."
I just thought that it was a new layer of protection, so I typed my PIN.
It was after that when I realized that I'd been "had."
I called Wells Fargo, they filed a fraud investigation, and I had to go in to a branch office, establish a new account name, account log-in, and a new PIN. They then placed a "watch" on my account for any untoward activity.

And I thought I was computer savvy and careful. Sheesh!

___ora et labora___


No, actually I think Comcast IS relocated in and operating out of China these days.

Or think of it as China relocated and operating 2 blocks down the street from you these days. If that salves anxiety. Or self-medicate ... the very green 2008 vintage coast-valleys Pinot Noir already tastes like an entry-level investment sure to appreciate.

- -
Did you hear the reports that AIG has been the CIA mercenary infiltrated in China collecting (person-ID theft) 'intelligence' for several years now, under guise of "selling insurance" (read: phishing 1 billion addresses and which ones have 1 child)?

So it isn't that AIG is "Too Big to Fail," but rather, "Knows Too Much to Lose" (the Classified Secrets for the taxpayers' checks illegally already cashed ... besides the federal crime prosecution for the illegal AIG participation, of course).

Wayne Madsen Report, March 2, 2009 -- AIG's new $30 billion handout to protect a U.S. intelligence operation

This just in from our intrepid source in Asia:

Maybe with now the Third Bailout, it's time to ask the hard questions about AIG.

The third bailout fund for AIG of 30 billion US dollars makes that insurance company the largest corporate recipient of federal funds, according to Bloomberg, which calculates its debt to the government at 70 billion dollars. AIG requested the third tranche, claiming that it could find no buyers for its Asian insurance operation, AIA.

This is patently untrue. In fact, China Life has shown strong interest in purchasing AIA's (AIG's Asian unit) assets in the Greater China region but, insurance industry insiders say, was rebuffed by AIG's asking price, which was astronomical considering the company's heavy debt burden. The transfer of AIA to the federal government, probably to protect sensitive private data that cannot be shared with foreign companies without igniting a major scandal, confirms suspicions long held about the 'revolving door' between AIG executives and the US intelligence agents.

Intelligence agencies in Japan, Indonesia and China have long suspected that AIG and its Asian unit, AIA, were heavily used as cover for placement of NOC agents, eavesdropping operations and for collecting private data unrelated to insurance matters on their nationals.

The links between the American International Group and the U.S. intelligence establishment were ...

Simple defense: always look at the message in plain text, or at least do so before clicking a link. If you lay your human eyes on the raw text, it takes almost no knowledge of HTML to spot a misrepresented link.

For me, that means I only use HTML e-mail when I really, *really* need it... maybe four messages a year out of thousands. The rest of the time, I send and view in plain text.

"Fortunately I hadn't yet clicked on "Submit" or "Send."

They could have been logging your keystrokes despite the presence of a submit/send button. The button is often window dressing to make the site look authentic.

"If you lay your human eyes on the raw text, it takes almost no knowledge of HTML to spot a misrepresented link."

Many phishing attacks spoof the url so viewing a "text" source is no guarantee.

"Many phishing attacks spoof the url so viewing a "text" source is no guarantee."

Well, true. But if they've compromised the DNS or the site's SSL you're pretty well screwed anyway. [shrug]

Alan's advice is very good. Most email clients have a "show original" or "show source" option.

There are also DNS services you can subscribe to (OpenDNS is free) that maintain lists of phishing domains and will provide a warning page whenever you try to load one. This is the best solution for tech-challenged folks.

In my experience a very small percentage of phishing attacks exploit bugs in your web browser to spoof the URL. And if you stay away from Internet Explorer you'll be safe from the large majority of those.

Here's an eye-opening presentation on SSL security flaws if anyone wants to see how the web security emperor has no clothes.

Dave C.: Every year after Black Hat I consider changing careers* and going off to live in a cave.

[*: Before I become the sysadmin equivalent of those flat-footed guys in the background of Michael Jordan posters watching him fly by to score on them.]

Comcast is a .com not a .net. First flag.

Companies never send out an "your account has been compromised" emails.

Never. Ever.

You find this out if / when you try to log in the next time.

These are never legitimate.

Never. Ever.

And if you ever wonder, ALWAYS look at the full header of the sender.


The "From" address looked pretty good: My own Comcast e-mail address ends in, and so it seemed o.k.

The key in my case would have been to roll over the link that they wanted me to click on, and be sure to look at the full URL, even though it was so long that in the e-mail display it had a "..." at the end of it. That's where the China address was.

"it was so long that in the e-mail display it had a "..." at the end of it. That's where the China address was."

Which of course was not at all accidental. The attacker knew that the user interface of your popular e-mail reader cuts off a long URL, and exploited that limitation to hide his attack. Reading in plain text is an effective countermeasure because it tells the program to never hide information in the mail body in a misguided attempt to be helpful. It is inconvenient at times, but it's much safer.

It's also worth mentioning that the "from" address on an e-mail means basically nothing. It's about as straightforward to fake as it is to write an incorrect return address on an envelope.


As a lawyer/blogger, I get
to be a member of:

In Vino Veritas

Lange, Pinot Gris 2015
Kiona, Lemberger 2014
Willamette Valley, Pinot Gris 2015
Aix, Rosé de Provence 2016
Marchigüe, Cabernet 2013
Inazío Irruzola, Getariako Txakolina Rosé 2015
Maso Canali, Pinot Grigio 2015
Campo Viejo, Rioja Reserva 2011
Kirkland, Côtes de Provence Rosé 2016
Cantele, Salice Salentino Reserva 2013
Whispering Angel, Côtes de Provence Rosé 2013
Avissi, Prosecco
Cleto Charli, Lambrusco di Sorbara Secco, Vecchia Modena
Pique Poul, Rosé 2016
Edmunds St. John, Bone-Jolly Rosé 2016
Stoller, Pinot Noir Rosé 2016
Chehalem, Inox Chardonnay 2015
The Four Graces, Pinot Gris 2015
Gascón, Colosal Red 2013
Cardwell Hill, Pinot Gris 2015
L'Ecole No. 41, Merlot 2013
Della Terra, Anonymus
Willamette Valley, Dijon Clone Chardonnay 2013
Wraith, Cabernet, Eidolon Estate 2012
Januik, Red 2015
Tomassi, Valpolicella, Rafaél, 2014
Sharecropper's Pinot Noir 2013
Helix, Pomatia Red Blend 2013
La Espera, Cabernet 2011
Campo Viejo, Rioja Reserva 2011
Villa Antinori, Toscana 2013
Locations, Spanish Red Wine
Locations, Argentinian Red Wine
La Antigua Clásico, Rioja 2011
Shatter, Grenache, Maury 2012
Argyle, Vintage Brut 2011
Abacela, Vintner's Blend #16 Abacela, Fiesta Tempranillo 2014
Benton Hill, Pinot Gris 2015
Primarius, Pinot Gris 2015
Januik, Merlot 2013
Napa Cellars, Cabernet 2013
J. Bookwalter, Protagonist 2012
LAN, Rioja Edicion Limitada 2011
Beaulieu, Cabernet, Rutherford 2009
Denada Cellars, Cabernet, Maipo Valley 2014
Marchigüe, Cabernet, Colchagua Valley 2013
Oberon, Cabernet 2014
Hedges, Red Mountain 2012
Balboa, Rose of Grenache 2015
Ontañón, Rioja Reserva 2015
Three Horse Ranch, Pinot Gris 2014
Archery Summit, Vireton Pinot Gris 2014
Nelms Road, Merlot 2013
Chateau Ste. Michelle, Pinot Gris 2014
Conn Creek, Cabernet, Napa 2012
Conn Creek, Cabernet, Napa 2013
Villa Maria, Sauvignon Blanc 2015
G3, Cabernet 2013
Chateau Smith, Cabernet, Washington State 2014
Abacela, Vintner's Blend #16
Willamette Valley, Rose of Pinot Noir, Whole Clusters 2015
Albero, Bobal Rose 2015
Ca' del Baio Barbaresco Valgrande 2012
Goodfellow, Reserve Pinot Gris, Clover 2014
Lugana, San Benedetto 2014
Wente, Cabernet, Charles Wetmore 2011
La Espera, Cabernet 2011
King Estate, Pinot Gris 2015
Adelsheim, Pinot Gris 2015
Trader Joe's, Pinot Gris, Willamette Valley 2015
La Vite Lucente, Toscana Red 2013
St. Francis, Cabernet, Sonoma 2013
Kendall-Jackson, Pinot Noir, California 2013
Beaulieu, Cabernet, Napa Valley 2013
Erath, Pinot Noir, Estate Selection 2012
Abbot's Table, Columbia Valley 2014
Intrinsic, Cabernet 2014
Oyster Bay, Pinot Noir 2010
Occhipinti, SP68 Bianco 2014
Layer Cake, Shiraz 2013
Desert Wind, Ruah 2011
WillaKenzie, Pinot Gris 2014
Abacela, Fiesta Tempranillo 2013
Des Amis, Rose 2014
Dunham, Trautina 2012
RoxyAnn, Claret 2012
Del Ri, Claret 2012
Stoppa, Emilia, Red 2004
Primarius, Pinot Noir 2013
Domaines Bunan, Bandol Rose 2015
Albero, Bobal Rose 2015
Deer Creek, Pinot Gris 2015
Beaulieu, Rutherford Cabernet 2013
Archery Summit, Vireton Pinot Gris 2014
King Estate, Pinot Gris, Backbone 2014
Oberon, Napa Cabernet 2013
Apaltagua, Envero Carmenere Gran Reserva 2013
Chateau des Arnauds, Cuvee des Capucins 2012
Nine Hats, Red 2013
Benziger, Cabernet, Sonoma 2012
Roxy Ann, Claret 2012
Januik, Merlot 2012
Conundrum, White 2013
St. Francis, Sonoma Cabernet 2012

The Occasional Book

Phil Stanford - Rose City Vice
Kenneth R. Feinberg - What is Life Worth?
Kent Haruf - Our Souls at Night
Peter Carey - True History of the Kelly Gang
Suzanne Collins - The Hunger Games
Amy Stewart - Girl Waits With Gun
Philip Roth - The Plot Against America
Norm Macdonald - Based on a True Story
Christopher Buckley - Boomsday
Ryan Holiday - The Obstacle is the Way
Ruth Sepetys - Between Shades of Gray
Richard Adams - Watership Down
Claire Vaye Watkins - Gold Fame Citrus
Markus Zusak - I am the Messenger
Anthony Doerr - All the Light We Cannot See
James Joyce - Dubliners
Cheryl Strayed - Torch
William Golding - Lord of the Flies
Saul Bellow - Mister Sammler's Planet
Phil Stanford - White House Call Girl
John Kaplan & Jon R. Waltz - The Trial of Jack Ruby
Kent Haruf - Eventide
David Halberstam - Summer of '49
Norman Mailer - The Naked and the Dead
Maria Dermoȗt - The Ten Thousand Things
William Faulkner - As I Lay Dying
Markus Zusak - The Book Thief
Christopher Buckley - Thank You for Smoking
William Shakespeare - Othello
Joseph Conrad - Heart of Darkness
Bill Bryson - A Short History of Nearly Everything
Cheryl Strayed - Tiny Beautiful Things
Sara Varon - Bake Sale
Stephen King - 11/22/63
Paul Goldstein - Errors and Omissions
Mark Twain - A Connecticut Yankee in King Arthur's Court
Steve Martin - Born Standing Up: A Comic's Life
Beverly Cleary - A Girl from Yamhill, a Memoir
Kent Haruf - Plainsong
Hope Larson - A Wrinkle in Time, the Graphic Novel
Rudyard Kipling - Kim
Peter Ames Carlin - Bruce
Fran Cannon Slayton - When the Whistle Blows
Neil Young - Waging Heavy Peace
Mark Bego - Aretha Franklin, the Queen of Soul (2012 ed.)
Jenny Lawson - Let's Pretend This Never Happened
J.D. Salinger - Franny and Zooey
Charles Dickens - A Christmas Carol
Timothy Egan - The Big Burn
Deborah Eisenberg - Transactions in a Foreign Currency
Kurt Vonnegut Jr. - Slaughterhouse Five
Kathryn Lance - Pandora's Genes
Cheryl Strayed - Wild
Fyodor Dostoyevsky - The Brothers Karamazov
Jack London - The House of Pride, and Other Tales of Hawaii
Jack Walker - The Extraordinary Rendition of Vincent Dellamaria
Colum McCann - Let the Great World Spin
Niccolò Machiavelli - The Prince
Harper Lee - To Kill a Mockingbird
Emma McLaughlin & Nicola Kraus - The Nanny Diaries
Brian Selznick - The Invention of Hugo Cabret
Sharon Creech - Walk Two Moons
Keith Richards - Life
F. Sionil Jose - Dusk
Natalie Babbitt - Tuck Everlasting
Justin Halpern - S#*t My Dad Says
Mark Herrmann - The Curmudgeon's Guide to Practicing Law
Barry Glassner - The Gospel of Food
Phil Stanford - The Peyton-Allan Files
Jesse Katz - The Opposite Field
Evelyn Waugh - Brideshead Revisited
J.K. Rowling - Harry Potter and the Sorcerer's Stone
David Sedaris - Holidays on Ice
Donald Miller - A Million Miles in a Thousand Years
Mitch Albom - Have a Little Faith
C.S. Lewis - The Magician's Nephew
F. Scott Fitzgerald - The Great Gatsby
William Shakespeare - A Midsummer Night's Dream
Ivan Doig - Bucking the Sun
Penda Diakité - I Lost My Tooth in Africa
Grace Lin - The Year of the Rat
Oscar Hijuelos - Mr. Ives' Christmas
Madeline L'Engle - A Wrinkle in Time
Steven Hart - The Last Three Miles
David Sedaris - Me Talk Pretty One Day
Karen Armstrong - The Spiral Staircase
Charles Larson - The Portland Murders
Adrian Wojnarowski - The Miracle of St. Anthony
William H. Colby - Long Goodbye
Steven D. Stark - Meet the Beatles
Phil Stanford - Portland Confidential
Rick Moody - Garden State
Jonathan Schwartz - All in Good Time
David Sedaris - Dress Your Family in Corduroy and Denim
Anthony Holden - Big Deal
Robert J. Spitzer - The Spirit of Leadership
James McManus - Positively Fifth Street
Jeff Noon - Vurt

Road Work

Miles run year to date: 113
At this date last year: 155
Total run in 2016: 155
In 2015: 271
In 2014: 401
In 2013: 257
In 2012: 129
In 2011: 113
In 2010: 125
In 2009: 67
In 2008: 28
In 2007: 113
In 2006: 100
In 2005: 149
In 2004: 204
In 2003: 269

Clicky Web Analytics