"drunkenbatman" gets on the shit list
"drunkenbatman", pictured on the right, has just knowingly posted an article which crashes Safari (warning: do not read that article in Safari) to his website, drunkenblog.com. He has this to say:
I’m aware many people who have the site in their feeds will be trying to access it via something based on WebKit/WebCore. Safari may have crashed, and you lost all your open tabs. You may have had your RSS reader up, and opened up some links in tabs, and down it all went. Read whatever you will into the fact that while these things did occur to me, I’m attaching it inline instead of linking to it separately anyways.
Mister "Batman", you are now officially on my shit list. In some countries it’s illegal to knowingly exploit that kind of vulnerability (akin to writing a virus or trojan). You could be opening yourself to civil prosecution as well for wilful and malicious destruction of other people’s data. In all countries it’s just plain bad form, and even worse when you know that your readership is almost exclusively Mac users, a large portion of them running Safari. I’m removing you from my list of "weekly rounds", I’ll never be visiting your site again, and I’ll be advising anyone that asks me to avoid your website and all its self-important, opinionated ramblings like the plague.
Update (20 April 2006)
I’ve just posted an article with new information that has come to light. The short version: "drunkenb@gmail.com" sent me a pair of email messages attempting to crash my mail client; given the timing of the attacks I presumed that they came from "Drunken Batman"; a pair of individuals pointed out to me that "Mr Batman" does not usually use a Gmail email address; later "Mr Batman" posted an article denying that he was responsible for the messages and insulting me in such a way that pretty much confirms my opinion of him. For full details see my update article; to see the original content of this article (posted immediately after receiving the attacks), read on.
Previous updates
I’m rather speechless, but "drunkenbatman" (or someone purporting to be him) must be having a bad day because he just sent me an unsolicited email containing an image in an effort to crash my Mail application. This is one step beyond posting the crash-provoking image on his website for unsuspecting members of the public to stumble across and "be taught a lesson"; this time it’s a personalized attack directed specifically at me, and so it brings all manner of nasty adjectives to mind to describe the personality of this guy. I guess it means he gets a promotion from "thoughtless dickhead who crashed a random bunch of people’s computers" to "arrogant asshole who misguidedly thinks he has a right to do harm to specific individuals in order to 'make a point'".
Mr "Batman" failed to crash my Mail application because I stripped the attachment before viewing the message using Mail’s handy "Eliminar archivos adjuntos" item in the "Message" menu (not sure how it’s worded in the English localization; I’m running in Spanish). This is the first contact I’ve had with this charming gentleman who right now is behaving like a petulant script-kiddie: note that although his email is titled "My reply" I’ve never contacted him in the past; he’s responding to this weblog post.
He writes:
I think you’ll find my argument quite compelling.
thx,
DB
Unfortunately, I don’t see any "argument" at all. All I see is an asshole who just tried, unsuccessfully, to remotely crash a program running on my computer. I think there are much better ways of making a point. Once again, I counsel anyone reading this to steer well clear of this guy’s website. Is this really the sort of person whose writing you want to read?
[Later on…]
Drunken "Hacker" Batman has just made another attempt at crashing my mail application, this time trying to conceal his attack using the name "Customer Support" and the subject, "Enrol to beta test the new version of Adobe DreamWeaver today!". This guy has all the cleverness of an idiot spammer and just as much charm. I must admit to being surprised at the levels of pigheaded arrogance that this fellow is capable of attaining. How low will this guy sink? What is his point exactly? That Apple has a vulnerability in one of their frameworks? (Gasp!) That it can be remotely triggered? (Wow!) That not only can it be remotely triggered, but that he, the one and only Drunken Batman, is so clever and hardcore that he’s prepared to break the law and risk litigation in order to show it? (Awesome!) I guess that his motivation must be in there somewhere, but the only thing he’s achieved so far is to demonstrate what an asshole he is (oh, and to waste my time… please, Mr Batman, fuck off and stop bugging me; I’ve got much better things to do than tell the world what a dick you are).
Thank god for filters. Set your mail client to route all messages from drunkenb@gmail.com to the trash and you’ll be fine; better yet block it at the sendmail level. Of course, that might not protect you in the event that he decides to use another address (and he does seem to be the sort of puerile jackass who’d be inclined to try), but it’s a step at least.
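The two defences described in this post (filtering on the sender address, and stripping the attachment before the message is displayed) can be sketched with Python's standard `email` package. This is an added example, not part of the original post: the sample message is constructed from the second message's From and Subject lines with dummy attachment bytes, and the function names are hypothetical.

```python
from email import message_from_string, policy
from email.utils import parseaddr

BLOCKED_SENDERS = {"drunkenb@gmail.com"}  # address quoted in the post
RISKY_MAIN_TYPES = {"image"}              # types a mail client decodes inline

# Constructed sample message; "AAAA" stands in for the attachment bytes.
SAMPLE = """\
From: "Customer Support" <drunkenb@gmail.com>
To: example@example.com
Subject: Enrol to beta test the new version of Adobe DreamWeaver today!
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain; charset=ISO-8859-1

We hope you will enjoy the beta testing experience!
--b1
Content-Type: image/jpeg; name="screenshot.jpg"
Content-Disposition: inline; filename="screenshot.jpg"
Content-Transfer-Encoding: base64

AAAA
--b1--
"""

def sender_blocked(msg):
    """Match on the address itself, so a changed display name does not evade the rule."""
    _, addr = parseaddr(str(msg.get("From", "")))
    return addr.lower() in BLOCKED_SENDERS

def strip_risky_parts(msg):
    """Replace every image part with a text placeholder before anything renders it."""
    removed = []
    for part in msg.walk():
        if part.get_content_maintype() in RISKY_MAIN_TYPES:
            name = part.get_filename() or "unnamed"
            removed.append(name)
            # set_content() clears the old payload and Content-* headers first
            part.set_content(f"[attachment {name} removed before display]")
    return removed

def triage(raw):
    """Return (action, names of removed attachments, parsed message)."""
    msg = message_from_string(raw, policy=policy.default)
    if sender_blocked(msg):
        return "trash", [], msg
    # A new sender address gets past the blocklist, so strip regardless of sender.
    return "deliver", strip_risky_parts(msg), msg
```

The address rule catches the "Customer Support" disguise because it ignores the display name; the stripping step is what still holds when the message arrives from an address that is not on the list.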
Seeing as it hasn’t yet gotten through Mr "Batman’s" thickened skull, I’ll share with him what I believe are the appropriate means of disclosing a vulnerability. Here are some simple steps in "do’s and don’ts" format:
- Do report the vulnerability to the vendor.
- Do make a public announcement at an appropriate time if and only if you feel it’s in the public interest.
- Do provide a reproducible test case, but only to those who are interested: don’t ram it down people’s throats by trying to remotely exploit vulnerabilities on their computers without warning.
- Don’t send emails to specific individuals that disapprove of your conduct (see point 3) in an attempt to cause crashes; for the braindead (that’s you, Mr "Batman"): this is just as nasty as writing a virus, worm or a trojan.
- If you fail in your first attempt to cause a crash on your target’s computer, don’t come trying again using low-level spammer tricks; you shouldn’t be doing it in the first place.
- If you’re upset with your vendor, do feel free to complain about it or write a rational criticism; but being upset is no excuse to start acting like an asshole.
The first message in full:
Return-Path: <drunkenb@gmail.com>
Received: from nproxy.gmail.com (nproxy.gmail.com [64.233.182.189])
by s69819.example.com (8.12.11.20060308/8.12.11) with ESMTP id k2VImHYR012480
for <example@example.com>; Fri, 31 Mar 2006 12:48:18 -0600
Received: by nproxy.gmail.com with SMTP id q29so667244nfc
for <example@example.com>; Fri, 31 Mar 2006 10:48:17 -0800 (PST)
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
s=beta; d=gmail.com;
h=received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:references;
b=PLmyOltZAbBI0oEA9CBNjO91niLDAMgFMVcnmQiyn06YM2gV8EMzRBs3BnNIejUXUU8foVXIoScLVKBLT1OHwfJ35oPjL2/u42k3zmpqJokIAZtJ9Dm9sK/cugkfM0YBAIrz7ZpcENHfjj6Xi4eXL+Zsm7cxupl7SrrRBBOFHXU=
Received: by 10.49.80.4 with SMTP id h4mr498581nfl;
Fri, 31 Mar 2006 10:48:17 -0800 (PST)
Received: by 10.48.49.19 with HTTP; Fri, 31 Mar 2006 10:48:17 -0800 (PST)
Message-ID: <f11040660603311048v73456e2dh8257c81c6a9953b2@mail.gmail.com>
Date: Sat, 1 Apr 2006 03:48:17 +0900
From: "Drunken Batman" <drunkenb@gmail.com>
To: example@example.com
Subject: My reply
In-Reply-To: <f11040660603311046l3eacb261u9226f5975594e2db@mail.gmail.com>
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary="----=_Part_8971_25485783.1143830897572"
References: <f11040660603311043o17588b79y46c8c69eff1a2b56@mail.gmail.com>
<f11040660603311046l3eacb261u9226f5975594e2db@mail.gmail.com>
X-Virus-Status: No
X-Virus-Checker-Version: clamassassin 1.2.3 with clamdscan / ClamAV 0.88/1364/Thu Mar 30 14:05:50 2006
X-Spam-Status: No, hits=0.0 required=5.0
tests=HTML_30_40,HTML_MESSAGE,IN_REP_TO,REFERENCES
version=2.55
X-Spam-Level:
X-Spam-Checker-Version: SpamAssassin 2.55 (1.174.2.19-2003-05-19-exp)
------=_Part_8971_25485783.1143830897572
Content-Type: multipart/alternative;
boundary="----=_Part_8972_17246094.1143830897572"
------=_Part_8972_17246094.1143830897572
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;
charset=ISO-8859-1
Content-Disposition: inline
I think you'll find my argument quite compelling.
thx,
DB
------=_Part_8972_17246094.1143830897572
Content-Transfer-Encoding: quoted-printable
Content-Type: text/html;
charset=ISO-8859-1
Content-Disposition: inline
<span class="gmail_quote"></span>I think you'll find my argument quite compelling.<br>
<span><br>DB<br>
</span><br clear="all">
</span><br clear="all">
------=_Part_8972_17246094.1143830897572--
------=_Part_8971_25485783.1143830897572
Content-Type: text/plain;
charset=US-ASCII
Content-Disposition: inline
[El archivo adjunto screenshot.jpg se ha eliminado manualmente]
------=_Part_8971_25485783.1143830897572--
The second:
Return-Path: <drunkenb@gmail.com>
Received: from nproxy.gmail.com (nproxy.gmail.com [64.233.182.188])
by s69819.example.com (8.12.11.20060308/8.12.11) with ESMTP id k34K7KEQ026825
for <example@example.com>; Tue, 4 Apr 2006 15:07:20 -0500
Received: by nproxy.gmail.com with SMTP id q29so1245264nfc
for <example@example.com>; Tue, 04 Apr 2006 13:07:19 -0700 (PDT)
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
s=beta; d=gmail.com;
h=received:message-id:date:from:to:subject:mime-version:content-type;
b=f/7MTrPtBTzi/8IC9wgCVzaQZ41GUHDOQx+v9eOfBpH5y3aT1GWtUmGxYHli+mxjIbxLai/ReeD+CF/AzYiq6V7ew9HAa1Q6M26NqBRin/uJUNQWKwHsUVw/GJikfLsn+NkP6f0XYBg7VwjBTpbzpYg69IRoxevnHiaYyv9JT5c=
Received: by 10.48.142.20 with SMTP id p20mr698037nfd;
Tue, 04 Apr 2006 13:07:19 -0700 (PDT)
Received: by 10.48.49.5 with HTTP; Tue, 4 Apr 2006 13:07:19 -0700 (PDT)
Message-ID: <f11040660604041307u79f9122ide1d35652e257425@mail.gmail.com>
Date: Wed, 5 Apr 2006 05:07:19 +0900
From: "Customer Support" <drunkenb@gmail.com>
To: example@example.com
Subject: Enrol to beta test the new version of Adobe DreamWeaver today!
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary="----=_Part_4194_10700580.1144181239721"
X-Virus-Status: No
X-Virus-Checker-Version: clamassassin 1.2.3 with clamdscan / ClamAV 0.88/1375/Tue Apr 4 09:55:06 2006
X-Spam-Status: No, hits=0.0 required=5.0
tests=none
version=2.55
X-Spam-Level:
X-Spam-Checker-Version: SpamAssassin 2.55 (1.174.2.19-2003-05-19-exp)
------=_Part_4194_10700580.1144181239721
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;
charset=ISO-8859-1
Content-Disposition: inline
We hope you will enjoy the beta testing experience!
------=_Part_4194_10700580.1144181239721
Content-Type: text/plain;
charset=US-ASCII
Content-Disposition: inline
[El archivo adjunto screenshot.jpg se ha eliminado manualmente]
------=_Part_4194_10700580.1144181239721--