
Don't fuck with Jerry's Site
For the last couple years I've been keeping up with Jerry Capeci's Gangland News, a gossip, news, and society column written about New York's organized crime world. It's an odd weekly diversion.
Today I wanted to make fun of some New York colleagues. To that end, I hopped onto the site to find some FBI surveillance photos taken of Mafiosi outside the Bergin Hunt & Fish club.
I was having trouble finding it, so I had the idea to find the site's images/ directory. I could browse that more quickly.
Where is their images/ directory? I don't know. So I tried to 'View Source' on the column. But instead of the source, up popped:
hahahahaha how tedious.
(1) It wasn't really clear to me what they're protecting.
(2) I doubted they were doing a very good job of protecting it anyway.
My guess was that they had some javascript code that somehow restricts 'View Source.' I've seen other javascript pages also make View Source act queer.
So when I came home, I opened a bash shell and ran 'wget http://ganglandnews.com'.
When I opened the output I had to laugh, because all I saw was the now-familiar:
Ok... So now my guess was that in addition to the javascript blocking, the server was smart enough to parse the user-agent string in the URL request. Things like 'wget' it simply refuses to serve.
So then I said, 'wget -U "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.0.3705)" http://ganglandnews.com'. Now it has to assume I'm using the same browser that it merrily served the file to just moments before.
Of course it fell for the 'trick.'
So when I opened up the output in a resized emacs window, I had to laugh at myself. It appears I gave them way too much credit.
Yes, my little user-agent bluff worked, but it was wholly unnecessary. This stupid 'Browser Detective' doesn't do shit. They just put that dire warning at the top of the html file, followed by fifty carriage-returns. My emacs buffer had been fairly small, so I never noticed that the rest of the html came after a bunch of linefeeds. When I went back and tried 'View Source' again, I realized I'd made the same mistake there, too. I just scrolled down a bit, and there it was.
So asinine. It was such a weak, pointless effort that I wondered who was even behind this 'program.' This led me to the hilarious discussion board where people list about nineteen different ways to defeat this pathetic software. (It also has some primitive javascript code to disable the right-mouse click -- to stop you from saving the images, for example.)
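Why the banner and the right-click script protect nothing, as an added example (not code from the original post or from the product it describes): the padding and the handlers travel in the same response as the markup and image URLs they are meant to hide. The sample HTML, the `audit` function and its field names are constructed for illustration.

```python
import re
from html.parser import HTMLParser

# Constructed sample response (not the real site's markup): a warning banner,
# fifty blank lines, then the page, with right-click blocking in JavaScript.
SAMPLE = (
    "<!-- WARNING: viewing this source is prohibited -->"
    + "\n" * 50
    + '<html><body oncontextmenu="return false">\n'
    + "<script>document.onmousedown = function () { return false; };</script>\n"
    + '<img src="images/photo1.jpg"><img src="images/photo2.jpg">\n'
    + "</body></html>\n"
)

class _Collector(HTMLParser):
    """Collects image URLs and right-click blocking hooks from the markup."""
    def __init__(self):
        super().__init__()
        self.images, self.blockers, self._in_script = [], [], False

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        self._in_script = tag == "script"
        if tag == "img" and attrs.get("src"):
            self.images.append(attrs["src"])
        if "oncontextmenu" in attrs:
            self.blockers.append(f"{tag}[oncontextmenu]")
    def handle_endtag(self, tag):
        self._in_script = False

    def handle_data(self, data):
        if self._in_script and re.search(r"oncontextmenu|onmousedown", data):
            self.blockers.append("script handler")

def audit(body: str, min_run: int = 20) -> dict:
    """Report what a 'source protected' response still hands to every client."""
    # Runs of at least min_run consecutive line breaks (CRLF, CR or LF).
    runs = re.findall(r"(?:\r\n|\r|\n){%d,}" % min_run, body)
    padding = max((len(re.findall(r"\r\n|\r|\n", r)) for r in runs), default=0)
    collector = _Collector()
    collector.feed(body)
    return {
        "padding_lines": padding,
        "exposed_images": collector.images,
        "client_side_blockers": collector.blockers,
    }

if __name__ == "__main__":
    print(audit(SAMPLE))
```

A site owner who wants images kept private needs server-side access control; anything listed under `exposed_images` has already been delivered to the client.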
I looked further and found other discussions that discuss similarly weak security attempts.
All in all a laugh.
The only other time I've run into this nonsense is about two years ago, when (I am not making this up) I was looking for some pictures of Macho Man Wayne Newton. I found a fan site that was just as bad as you'd imagine a Wayne Newton fan site would be. The only thing was, they had some javascript code that was blocking me from saving the pictures. I was too busy to go back and do the exercise of defeating it, but I guess it probably would have taken five or fifteen minutes too. Must. Safeguard. Precious. Photos.
Posted by Nils Blutig at June 21, 2003 12:42 AM