You know the drill by now: educational institutions enjoy leaving their networks open to any would-be identity thief or research data saboteur:
Oregon State System of Higher Education
1225 Kincaid, UO Campus
Eugene, OR 97403
spammed us on Friday, 5 March 2010 - 6:54pm via IP 140.211.15.30
University of British Columbia
6356 Agricultural Road
Vancouver, BC V6T-1Z2
CA
spammed us on Friday, 5 March 2010 - 8:45pm via IP 198.162.52.23
Kilmarnock College
Lumen House
Library Avenue
Harwell Science and Innovation Campus
DIDCOT, Oxon
OX11 0SG UK
spammed us on Friday, 5 March 2010 - 8:32pm via IP 212.219.163.212
Technical University of Vienna
Technische Universitaet Wien
Zentraler Informatik Dienst
Wiedner Hauptstrasse 8-10/020
A-1040 VIenna
Austria
spammed us on Saturday, 6 March 2010 - 12:05am via IP 128.131.167.8
Nebo School District
350 S. Main
Spanish Fork, UT 84660
spammed us on Monday, 22 February 2010 - 1:30pm via IP 160.7.244.34
Here we have an insecure network that deals double damage by making vulnerable both educational and medical information:
Medical and Educational Data Network
P.O. Box 14466
Riyadh 11424
Saudi Arabia
spammed us on Saturday, 27 February 2010 - 1:19am via IP 213.230.18.244
Government agencies in general should be more secure than these:
State of Nebraska / Office of the CIO
501 South 14th street
Lincoln, NE 68508-2711
spammed us on Thursday, 4 March 2010 - 2:47pm via IP 205.202.121.244
Illinois Century Network
120 W Jefferson
Suite B
Springfield, IL 62702
spammed us on Wednesday, 24 February 2010 - 10:03pm via IP 64.107.146.21
And, of course, we always love to feature people who tout their security expertise:
M5 Computer Security
3368 Governor Drive #F-124
San Diego, CA 92122
spammed us on Thursday, 4 March 2010 - 9:00am and Friday, 5 March 2010 - 5:37pm via IP 206.251.255.61
To be fair, that appears to be a hosting service for ifountain.org. So, unless you use their software yourself, you probably only have to be concerned if someone else who uses RapidOSS is leaking your personal data because they've been compromised. I mean, we all know what operations management software is being used by people who store our personal information, right?
Compromised educational institutions have become both a staple and tiresome:
University of Hawaii Community College System
UH Computing Center 2565 The Mall
Honolulu, HI 96822
spammed us on Monday, 8 February 2010 - 7:15pm and Wednesday, 17 February 2010 - 12:07pm via IP 166.122.68.249
Zhejiang University Of Technology
Hangzhou, Zhejiang 310014
China
spammed us on Thursday, 11 February 2010 - 1:22pm via IP 210.32.200.95
Texas A&M University
Networking & Information Security
MS 3472
College Station, TX 77843-3472
spammed us on Friday, 19 February 2010 - 7:54am via IP 128.194.128.95
Moscow State University
Main building, Room 1012
Lenin's Hills
119899 Moscow
Russia
spammed us on Saturday, 20 February 2010 - 1:16pm via IP 193.232.117.77
New Mexico State University
Box 30001 MSC 3AT
Las Cruces, NM 88003
spammed us on Saturday, 20 February 2010 - 4:24pm via IP 128.123.166.204
And color me surprised that it took this long, but now we have some religious institutions who can't shepherd their servers. They'll claim to save your soul, but your money and identity are probably in the hands of thieves:
TMNET IP Administrators
TM Annexe 1,
Jalan Pantai Baru,
50672 Kuala Lumpur.
Malaysia
spammed us on Tuesday, 16 February 2010 - 2:50pm via IP 219.95.108.38
That's a generic IP owner, but it resolves to smtp.ibfim.com, or the mail server for the Islamic Banking and Finance Institute. I again sit amazed that botnets take over these sorts of critical servers, yet squander their ripe position by using them to openly spam low-grade blogs with low-grade drug links.
Family Stations Inc.
290 Hegenberger Road
OAKLAND, CA 94621
spammed us on Wednesday, 17 February 2010 - 6:05am via IP 69.25.105.76
For your reference, that resolves to fsiinternet.familyradio.org. Family Radio bills itself as "A Worldwide Christian Ministry". And because nothing says a happy and loving Christian family like death threats, they've set aside 21 May 2011 as the end of the world.
You didn't really think it'd stop, did you? We start off with another series of educational institutions:
Brisbane Boys' College
Kensington Tce
Toowong QLD 4066
AU
spammed us on Monday, 1 February 2010 - 7:25pm, 7:39pm, 7:50pm, 8:02pm, 8:03pm and 8:12pm via IP 203.57.147.3
Prince of Songkla University
Computer Center
Korhong, Hatyai, Songkhla, 90110
spammed us on Monday, 1 February 2010 - 5:28pm; Thursday, 4 February 2010 - 10:08am via IP 202.12.74.44
Polish Academy of Science
Institute of Bioorganic Chemistry
Poznan Supercomputing and Networking Center
ul. Noskowskiego 12/14
61-704 Poznan
Poland
spammed us on Friday, 5 February 2010 - 2:58pm via IP 150.254.161.3
That's right, the botnets even have access to a supercomputing center, and yet they haven't figured out anything better to do with it than spam dumb blogs like mine.
Next up we have an otherwise generic IP block owner:
Cox Communications
1400 Lake Hearn Dr
Atlanta, GA 30319
spammed us on Monday, 1 February 2010 - 5:26pm, 7:25pm, 7:30pm, 7:31pm, 7:39pm and 8:03pm; Thursday, 4 February 2010 - 2:35am; Friday, 5 February 2010 - 6:05pm, 8:00pm, and 8:05pm via IP 98.172.30.138
What is notable about that IP is that it resolves to nat-gw.productionadvantage.com. The Production Advantage, Inc. appears to be a direct marketing company, so if you've ever done business with them, it's a good bet that your data has been compromised. They even helpfully list their clients, so if you've ever given your personal information to any of those organizations, you might want to contact them regarding your pending identity theft.
Another generic IP block owner:
Savvis
1 SAVVIS Parkway
Town and Country, MO 63017
spammed us on Thursday, 4 February 2010 - 11:20am via IP 216.109.73.21
That IP resolves to dc3-pw-nat.ws.ag.com. I will helpfully point out that ag.com belongs to American Greetings. As though it weren't bad enough for your "friends" to give up your identity for a stupid eCard, welcome to their insecure system that gives it up to people that are probably even worse.
And it's always the most fun when someone selling security is insecure:
TREND MICRO INCORPORATED
10101 N. De Anza Blvd,
Cupertino, CA 95014
spammed us on Monday, 1 February 2010 - 8:08pm via IP 216.104.15.138
and in an odd twist, they also came in a half hour earlier from half way around the world, doing a scouting mission on Monday, 1 February 2010 - 7:33pm via IP 150.70.84.26
The slogan on their site is "Securing Your Web World". Since they can't secure their own, I have my doubts. Their traffic pattern is so strange, though, it makes me think that they themselves might be abusing network resources instead of being part of someone else's botnet.
So here we have it: the last single digit spam call out is also the last "on demand" one and, as you will soon see, it's a great capper. I'll still be raking insecure hosts over the coals, of course, but not as they come in. To that end, anonymous comments must now be approved, and when that queue gets cleaned is when you'll see new outings. (weekly? monthly? we'll see . . .)
In the ongoing theme of failed educational institutions, we have this decidedly-non-educational-institution IP owner:
Open Software Foundation
P.O. Box 7286
Nashua, NH 03060
spammed us on Sunday, 17 January 2010 - 6:59am via IP 130.105.36.54
Because it resolves to www.hudsonvalleyschool.org, though, I'm dumping it in with other educational institutions. With any luck, it's just a basic web host without any student records or other confidential information, but it still represents a machine that may be considered a trusted host, and it's now part of some botnet. I mainly only listed it to create a calm before the storm.
And here comes the big one! The insecurity to make all insecurity envious! If you had asked me to predict this day, I would have said "never in my wildest dreams", yet:
Microsoft Corp
One Microsoft Way
Redmond, WA 98052
spammed us on Sunday, 17 January 2010 - 4:09am, 4:19am, 5:17am, and 10:41am via IP 131.107.33.62
Color me both shocked and amused. They hit this site not just once, but four times! Sadly, this entry will likely be lost amongst all the other Microsoft insecurities that pop up all over the Internet on a daily basis. I wonder if I would be just as careless if I had billions of dollars. Would you?
Sadly, it doesn't look like the comment spam is coming in waves any longer, but rather just a steady stream. If it keeps up, I'll soon turn approval on and limit these updates to once a week. They've already taken away too much from the content, such as it is, of this blog.
So again we have a number of educational institutions:
New Kent County Schools
New Kent County Schools
PO Box 110
New Kent, VA 23124
spammed us on Thursday, 14 January 2010 - 11:50pm via IP 208.32.18.245
The University of Nottingham
University Park
Nottingham NG7 2RD
UNITED KINGDOM
spammed us on Friday, 15 January 2010 - 12:15am and 2:16pm via IP 128.243.21.224
University of Tokyo
2-11-16 Yayoi Bunkyo-ku
Tokyo, 113-8658
JP
spammed us on Friday, 15 January 2010 - 1:17pm via IP 157.82.41.171
I again feel the need to point out that none of these seem to be differentiated as dorms or dynamic or in any other way associated with student shenanigans. The indication is that they belong to faculty and staff, on machines with access to confidential information, or otherwise represent an entire network that lacks proper security.
And this final spammer we feature not because the IP owner:
Core Internet Telmex Chile
Rinconada el Salto, 202, Huechuraba
-- - Santiago -
CL
spammed us on Friday, 15 January 2010 - 1:16pm via IP 190.54.16.184
but because of the domain it resolves to: mail.legalfact.cl. I guess you could say it's a legal fact that, if you've sent them mail, people other than your attorney have had access to it.
I foolishly posted Round 6 too soon, thinking this most recent spam run was over yesterday. We'll again start with those in higher learning who never seem to learn:
University of Geneva
Division Informatique
Rue General Dufour, 24
1211 Geneva 4
Switzerland
spammed us on Thursday, 14 January 2010 - 5:32pm via IP 129.194.8.73
and then highlight this agency purporting to "provide leadership" to educators:
eTech Ohio
2323 West Fifth Avenue, Suite 100
Columbus, OH 43204
spammed us on Thursday, 14 January 2010 - 4:21pm and 5:52pm via IP 208.108.141.3
If by "surpass customer expectations" they mean providing more spam than anyone asked for, bang up job, folks! And with that IP resolving to mgmt.ironport.laca.org, everyone gets to play the bonus game of "Do IronPort products inherently have security flaws?"
Finally, here is an exceptionally bad example of network management:
Internetbrands.com
909 North Sepulveda
El Segundo, CA 90245
spammed us on Thursday, 14 January 2010 - 2:19pm via IP 67.201.17.228
If you go to their home page, you'll see a huge list of sites, any of which might be storing your personal data on their compromised machine. May I suggest to investors that now might be a good time to sell NASDAQ:INET?
Change-up is the watchword for this update. We start off with another educational institution:
Northeastern University
360 Huntington Avenue
BOSTON, MA 02115
spammed us on Wednesday, 13 January 2010 - 1:36pm via IP 155.33.223.244
but immediately shift focus to this gem:
American General Corporation
2929 Allen Parkway
Houston, TX 77019
spammed us on Wednesday, 13 January 2010 - 2:39pm and 5:03pm via IP 161.159.4.33
If that name's not ringing any bells, let me help you out by pointing out that the space is handled by aig.com. Yes, those AIG assholes. Apparently billions in bailouts and millions in bonuses still isn't enough to get the people working there to competently do their jobs.
The spam has only been trickling in recently, for better or worse, so I just have these two overseas educational institutions to share from the end of last year:
Heriot-Watt University
Riccarton
Edinburgh EH14 4AS
United Kingdom
spammed us on Tuesday, 29 December 2009 - 11:58am via IP 137.195.176.11
National Chung Cheng University
Chia-Yi Taiwan
spammed us on Wednesday, 30 December 2009 - 10:59pm via IP 140.130.17.72
I don't know what the vacation schedules are in those parts of the world, but I would not be at all surprised to find that it was not student machines that were the source of this spam.
Seems like educational institutions are in overdrive while the kids are off for winter break, presenting us with the scary proposition that it must be the faculty and staff who are responsible for these:
Louisiana State University
200 Computing Services Center
Baton Rouge, LA 0803
spammed us on Monday, 21 December 2009 - 6:44am, 7:14am and again at 7:27am via IP 130.39.247.251
University of Nebraska-Lincoln
14th and R
Lincoln, NE 68588
spammed us on Monday, 21 December 2009 - 6:59am and again at 7:13am via IP 129.93.205.138
Virginia State University
1 Hayden Street
Petersburg, VA 23806
spammed us on Monday, 21 December 2009 - 7:05am via IP 150.174.32.33
Again, these are not IPs that are labeled as dedicated to dorms or other "uncontrolled" computers that you could almost expect to be insecure. These are things like geothermal.lsu.edu, where you just might expect critical research data to be stored. Having them compromised potentially compromises the science done at these institutions.
And of all the businesses that spam this site, the ones I mainly feature are those who offer security services:
ScanSafe Inc.
185 Berry Street, Suite 4700
San Francisco, CA 94107
spammed us on Monday, 21 December 2009 - 7:19am via IP 72.37.244.20
If you've let them scan anything of yours, assume it's no longer safe.
You might want to start making some tea, because this post is going to take the scenic journey, although not quite a magical mystery tour.
I don't follow many blogs that closely, but the ones I do are not just because of the direct content, but because the community they attract posts non-OMG-STFU-noob comments as well. Some good examples are:
That last one is particularly pertinent, because recently there was an article with a follow-up that riled a lot of people. I used blunt sarcasm to make my point there, as I am wont to do, so imagine my surprise when someone actually sent me a logo redesign for Impossibly Stupid! If you think the site suddenly started looking a lot nicer, you can thank Neil Martin.
For the record, here's what the old logo looked like, along with this explanation of the idea behind it. The site then had a similarly gray appearance as well (Mercury, as Drupal called it).
One thing Neil pointed out, and I couldn't help but agree with, is that the content on Impossibly Stupid has drifted a bit. On the clock-like version of the logo, the area I should have been focussing on was the 11 to 1 range, in the area between "that's just crazy enough to work" and "good ideas gone bad". Recently, though, I've been posting more in the 3 to 6 range; things that are just being done wrong. With the new logo, the focus goes back to the midnight hour that divides genius from madness.
And you see that being pushed in the new logo. By using tally marks instead of numbers (or fractional divisions), it creates the hidden story of someone who had exactly the right answer written down, but with a single stroke they took things too far and the dumb bled through for all to see. They might as well have stuck an e at the end of potato.
It also reminds me a lot of the classic "one louder" scene from Spinal Tap:
But the truly impossibly stupid part of it all is that we want the answer to be |||. We want to be able to invest $2 and get back $3. Two people might want a child, regardless of how much of a difficulty being a parent is. Sometimes it makes sense for things to not make sense, and that's what I hope to get back to featuring more of here on Impossibly Stupid. Koo koo ka-joob!