Coding Horror: A Question of Programming Ethics

A Question of Programming Ethics

March 7, 2008

As an ACM member I will

Contribute to society and human well-being.
Avoid harm to others.
Be honest and trustworthy.
Be fair and take action not to discriminate.
Honor property rights including copyrights and patent.
Give proper credit for intellectual property.
Respect the privacy of others.
Honor confidentiality.

It's hard to square that with the following hair-raising tale Dustin Brooks sent me via email:

I was looking for a way to back up my gmail account to a local drive. I've accumulated a mass of important information that I would rather not lose. During my search I came across G-Archiver, I figured what the heck I'll give it a try.
It didn't really have the functionality I was looking for, but being a programmer myself I used Reflector to take a peek at the source code. What I came across was quite shocking. John Terry, the apparent creator, hard coded his username and password to his gmail account in source code. All right, not the smartest thing in the world to do, but then I noticed that every time a user adds their account to the program to back up their data, it sends and email with their username and password to his personal email box! Having just entered my own information I became concerned.
I opened up a browser and logged in to gmail using his account information. It still worked.

Upon getting to the inbox I was greeted with 1,777 emails with account information for everyone who had ever used the software and right at the top was mine. I decided to go ahead and blast every email to the deleted folder and then empty it. I may have accidentally changed the password and security question to something I don't remember as well, whoops, my bad. I also contacted google to erase this account as I didn't see a way to delete it myself.

I generally try to give people the benefit of the doubt, but it's difficult to imagine any scenario where this isn't a completely malicious violation of people's trust. This is every user's greatest fear when giving out their login credentials, and to see it realized hurts the trust relationship between users and every other professional programmer working today. I've inadvertently posted my own login information to this very blog before. Fortunately for me, an eagle-eyed reader by the name of Israel Orange didn't abuse that information for his own gain, but instead kindly pointed out my error to me in a private email.

I certainly hope there are more programmers out there like Israel Orange than John Terry. Ethics matter for programmers, too.

Posted by Jeff Atwood

« Death Threats, Intimidation, and Blogging

Real-Time Raytracing »

322 Comments

Bubble and squeak...you will be assimilated.

Brad on March 11, 2008 2:23 AM

Greatest fear? On the contrary, isn't that to be expected?

I mean, if you give away your credentials .. you've... given them away..?

I am totally serious here. If I give away my password, I expect the recipient to store it. So if I want it to stay secret I change it. Don't you?

Jonas on March 11, 2008 3:07 AM

What a douche. He wasnt a very smart douche either.

Is it possible that Mr. Terry missed the ACM Code of Ethics Section in his curriculum?

Kat on March 11, 2008 3:14 AM

Debug code? Yeah right!

commenter on March 11, 2008 4:06 AM

I will say, in this day and age, programming requires as much ethics as being a judge, jury or executioner. Thank you for being honest.

pasquale. on March 11, 2008 4:09 AM

Few things I need to make clear:

- I'm not in any way affiliated with G-Archiver.
- I don't know 'John Terry'
- Indeed jterry79@gmail.com emailed me in the past with some questions regarding my component.
- Later his company stole and used my software.

You can find my comments here:
http://www.lesnikowski.com/GArchiver/

Pawel Lesnikowski on March 11, 2008 4:17 AM

This sort of thing belies a much greater occurrence -- this is happening all the time, with any number of schemes. I've found one op. where you buy something via PayPal, and then need a password to access the goods -- so what the site will do is use your PayPal addy, and then use the password you used for the site...to fleece you dry and do dastardly things.

In yet another scam, in this case "Replica Outlet" or "Replica-Faux" (which is now hosted in an offshore colo...surprise!) -- what they do is run the business for three months, then right before they close up, they will charge the maximum amount they can on your credit card you used to purchase something from them -- an unauthorized charge...

The, surprise surprise, they go out of business, only to re-surface again and again. They used to be in Portland, Oregon, then they moved to Austria...and now they're hosted by a Hong Kong colo...

What really, really sucks in some cases is if you use a "Check" or Debit VISA card -- it's taken right out of your account, and they don't have to move as quickly to recompense this fraud.

Beware. These #$%*@ pissed off the wrong guy, and I am actively hunting them. They literally took food off our table...it took months to work out...beware.

Angry Defrauded... on March 11, 2008 4:25 AM

The real WTF is, of course, that the guy didn't use an obfuscator.

PaulG on March 11, 2008 5:17 AM

"We'll be releasing a new version that corrects the flaw in version 1.0."

I expect that means they're just trying harder to obfuscate in 1.0... I hope the decompilers amongst you are keeping your eyes peeled! (Although if the source is that simple to extract, it would be nice to think that someone could release a more ethical version, as an electronic "up yours" to G-Archiver!)

RWW on March 11, 2008 5:29 AM

First of all, this will cause a nasty side effect: When someone searches for the soccer player John Terry on google, his name will be next to the adjectives given to this programmer (moron, stupid, thief...)
This guy obviously abuse of people's trust but i want to make a comment to people that says "that happened due use of close-source software". Well, I cannot realize this image on my mind... the people who use this kind of backup software reading the code lines of it (on an open source soft) so... jail for john (probably) or "you deserve it" for the people who gives the login info to a program?

Sebastian on March 11, 2008 5:44 AM

Backups. Aren't there backups? Gmail has to have backups. Deleting this stuff is like picking lint off your dog. It can magically reappear in no time.

One time I was at a job posting site (a medium sized one, not monster), and I suddenly was given the session of someone else. I made a small notation in his resume, then emailed him and the site about what happened. He wasn't too happy, I don't recall the site did anything. The funny thing was the guy worked for one of the companies looking for someone like me (but only slightly geographically undesireable) - small world.

joel garry on March 11, 2008 6:05 AM

Great job Holmes:

For this kind of discovers you should be nominated the programmer of the month, congratulations

javier on March 11, 2008 6:09 AM

Hmm..

As I see on the website matemediasoft has he also made other programs..
Might be that he does the same trick again..

for example: A myspace login thingy named "friendtools" for myspace.

Qoute:
FriendTools is the best myspace friend adder, myspace mailer, and myspace commenter, and mass event, all in one program. No other myspace bot software offers so much for just $29.95. Add thousands of new friends to your network quickly. Great tool for those who want to market to myspace users. Try before you buy - download free trial version Register your software and unlock all features. The free trial version will allow you to add 10 friends - mailer, commenter, and mass event are disabled in the free trial version and due to changes that myspace has made, features other than the adder may not work correctly or at all for some users - This is a Windows program and will not run on a Mac.

Christiaan on March 11, 2008 6:17 AM

Good post Jeff,

Very nice to see how Ethics are coming more and more into focus. And also very funny to see how people are thinking different on Ethics. Always reminds me of the Monty Python sketch with the Philosophers playing soccer.

Anyway, I really don’t want to spam your Blog with advertising. But we are currently working on a system to align Ethical Values and Actions here at Actics (www.actics.com). So many people, NGOs and companies don’t live up to their values. And so many people don’t even know what their values are.

I personally do think that we developers should be more aware of our values and responsible towards our surroundings.

Peter Palludan on March 11, 2008 6:53 AM

@Travis who said:

"What about working for a company like Raytheon, whose job is to build better killing machines? Would you consider that ethically defensible?"

Absolutely defensible, yes.

Charles400 on March 11, 2008 6:55 AM

If your own ethics stop you from building better "killing machines", then could it also be unethical to NOT build better "saving machines".

The ethical line is so grey it is impossible to dictate to anyone what they should consider right / wrong. In fact, even telling someone what is right and wrong could be considered unethical.

I think this post has nothing to do with ethics, it is purely awareness of what could be out there. Unfortunately, the majority of readers of this blog would already know this, hence the number of "idiot" responses. It's your average user that needs to be aware.

Thankfully as the number of emails and websites that ask for usernames and passwords is so high, most people are already aware that anything that asks for personal data could be malicious.

Robin on March 11, 2008 8:13 AM

What are the chances Russ got this written by some South Asian dude from Rent-A-Coder?

Chris on March 11, 2008 8:30 AM

Despite the emails being deleted, I wouldn't worry about total loss of data. We are talking GMail...from Google. The data is available just not accessible.

Nate on March 11, 2008 9:05 AM

I think computer systems and online accounts are almost fully transparent to intelligence services and criminals alike.

For products based on good security principles, you have to resort to Israelian based companies like Aladdin, because of the Wassenaar treaty.

Why do I get the feeling they deliberately created a backdoor in those products?

Maarten

Maarten on March 11, 2008 9:19 AM

Some people say that Dustin went too far. I say he didn't go far enough.

If *I* had gained access to the account, I would have harvested the GMail usernames (but not passwords) and sent a note to all those users informing them of the security breach.

I think that would be even *more* ethical.

Tim McCormack on March 11, 2008 10:11 AM

haha, thats the most stupid backdoor i have ever seen.. xD

tbh, the creator of the program is not smart enough to code his backdoor in a .NET assembly, and he didn't even obfuscate it.. haha..

dEmOn on March 11, 2008 11:09 AM

Nice Work,

Greetz Me

ikke on March 11, 2008 11:16 AM

Why is the variable name still there after the code got compiled? Or Was Brian being nice and translated the instruction into a more readable code?

Tee on March 11, 2008 11:26 AM

This was a disturbing tale. It prompted me to write a post about how to archive your Gmail for free:
http://www.mattcutts.com/blog/backup-gmail-in-linux-with-getmail/

Matt Cutts on March 11, 2008 11:32 AM

Another thing I don't understand assuming the statement G-Archiver made was correct was that I thought a function like checkconnection is supposed to check connection and return the result wheter the connection is good or bad or get some error code back. Why is it a void function???

Tee on March 11, 2008 11:40 AM

Dang, these people suck. Can we ever invent a technology that prevents people from using data in unacceptable ways?

cps on March 11, 2008 11:48 AM

Slashdotted: http://it.slashdot.org/it/08/03/11/1723206.shtml

Anonymous Coward on March 11, 2008 11:51 AM

Holy ****, that is scary :|

zer0day on March 11, 2008 12:39 PM

Talking about ethics. If anybody here claims to have ethics and cites the lack of conformance to the ACM as unethical I would say you are a person without a good set of ethics. I take no issue with the person manipulating others over the web when everybody should know better than to unquestionably trust what they hear, read, see, or download on the web-or even in real life. If you are going to adopt a set of worthy ethics in regards to software you should be adopting something closer to Richard Stallman's four freedoms:

First, Freedom Zero is the freedom to run the program for any purpose, any way you like.

Freedom One is the freedom to help yourself by changing the program
to suit your needs.

Freedom Two is the freedom to help your neighbor by distributing copies of the program.

And Freedom Three is the freedom to help build your community by publishing an improved version so others can get the benefit of your work.

The ACM is a load of cr*p. It is one set of ethics that nobody should conform to. If you can't find an ethical business model with free software you should pick another career path. By agreeing with the ACM you are supporting software patents and that is unethical in my book. Free does not mean you can't make money on software. If you can't grasp the concept you shouldn't judge. On the other hand I see little wrong with doing as you please on the Internet when it is by its very existence lawless. Even the one supposedly universal law that every nation has (no one shall commit treason) doesn't work on the net. Wake up, smell the real world, and take reasonable precautions instead of trying to punish those smarter than you- except in reality the law only destroys a small minority of lives of people probably similar to oneself (if you think you have ethics anyway) since these laws are for all practical purposes generally unenforceable on the majority or violate them.

Jack on March 11, 2008 12:50 PM

http://www.sophos.com/security/blog/2008/03/1155.html

r2d3 on March 11, 2008 12:57 PM

Hi,

Was Googling my name, and came across this post,

"This John Terry seems to email pawel lesnikowski and adityasonphavde (aditya rao) I would not trust these people either.
joe on March 7, 2008 03:51 PM "

What have I done, and what is my name doing on codinghorror?

:-) Would like to know more....

Aditya Sonphavde on March 11, 2008 12:58 PM

"5. Honor property rights including copyrights and patent."

I hope the ACM guys read all the software patents pending and granted by the USPTO and other patent offices.

Poor ACMs.

orcad on March 11, 2008 1:55 PM

No doubt this is quite shocking but I would like to give the coder the benefit of doubt until we don't find a substantiative evidence that he misused or even used this information at all.

Mike Lamb on March 12, 2008 2:46 AM

The benefit of the doubt!?! He stole username and passwords of people who used the program!!! It IS a crime already. What more do you need?

TNT on March 12, 2008 4:42 AM

@alex - @Joshua others, the screenshot only shows that the most recent 1777 emails were unread - who knows how many thousands of people have tried the software. Plus, if they are being automatically forwarded they won't show up as read. I'm not sure that what Dustin did was right, but if he had to do it, he could have at least checked out the filters and saved the contact list first.

Not only that, the screenshot shows the username and password (albeit blacked out) are in subject and the mail wouldn't even need to be read to glean the password.

Whether what Dustin did was right is a bit of a tricky on. I don't think he should have left it as it is. Changing the password was definitely the right thing, otherwise, as is changing anything which could allow J Terry to regain access of the mailbox. Deleting the emails, without first making a list of the accounts could make any investigations a little more difficult - however if J Terry had been using the accounts details maliciously for personal gain, I suspect that there would be many other ways to identify that.

BTW, I can't see any possible debugging purpose for sending any passwords (let alone somebody elses) via email. Email is a 99.9% insecure protocol, and most people tend to avoid sending passwords via email. Whilst I would like to give J Terry the benefit of the doubt, I can't see any possible too. Even if he didn't do this intentionally, there is no guarantee that Dustin Brooks is the first person to find this flaw, and the list of passwords.

All in all, I think this is a great reminder for us all to be careful with our passwords and all that goes with that (e.g. not using the same one everywhere, changing them often etc.).

steogede on March 12, 2008 5:09 AM

can't believe this site is endorsing and making apology to reverse-engineering and decompiling.

This site should be taken down immediately. Think of the children!

Gabriel on March 12, 2008 6:14 AM

I have to say, that I am sure the guy who wrote the software might have alreadty used his own software to back up this account and all the usernames passwords, so unless the whole list of 17,000 people were atleast sent an email explaining the situation and making everyone aware to change their passwords...that would be better, as well, we all now should know instead of using GArchiver, let's use Thunderbird...seems like the equiv of using firefox instead of IE...

l a on March 12, 2008 6:36 AM

A story

I'm peeking through my binoculars at your hot wife stepping out of the shower. Then I notice an intruder climbing in through the window, with a knife, hiding outside the bathroom door.

Obviously, my initial actions were unethical. Question them all you want. With that said, what do you want me to do next?

1) Watch to see what happens? Probably not.
2) Run across the lawn, bang on the bathroom window and call the police? Ya.
3) Just alert the authorities? No.

You'd probably opt for #2, because you want your wife safe, and closing the curtains next time. Regardless of the morality behind what I did to discover, you want me to act and prohibit imminent harm.

Chances are, if I broke the bathroom window and got your wife out, but she got cut... you'd be ok with that.

So Dustin deletes all the email. Would we rather he keep evidence? Notify the user? Take some other action? Sure. An auto-reply would have been nice. Deleting the account would have been a horrible idea -- because JTerry could have just recreated it...

Changing the password... wouldn't that keep the emails from being sent to begin with? So... keeping the password the same and setting up an auto-responder would've been ideal. Perhaps topped off by setting up a pop client to download/delete the emails... until authorities acted.

But the bottom line, is if you see bleeding -- stop the bleeding. Dustin did that. The best way possible? Maybe not. Questionable ethics on his part re: source code? Maybe - very debatable. But all in all, he did what most people would want him to do.

blah.

Mike on March 12, 2008 6:36 AM

Interesting that in a post supposedly about morals, I see such a huge display of lack of morals. The incitement to offline harrassment was particularly distasteful.

As for the original "offense", I'm inclined to use Hanlon's Razor. Most likely, this was just (utter and abject) stupidity on the author's part.

If he was maliciously stealing account info, there's no way he'd expose himself to the same activity by hardcoding his own info in publicly available source code. Crooks don't think that way. They think the world is full of crooks just like them. You'll never find a burgalar who leaves his own doors unlocked. On the opposite side you have honest but naieve people, who think that everyone is basicly trustworthy like them.

That's what this looks like. This is the work of someone who stupidly did not see the downside of making a person's account info publicly available. Even his own.

I could be wrong of course. But it seems the dude just isn't very smart. That makes a lot of the more extreme responses here seem like the moral equivalent of beating up on the retarded kid.

T.E.D. on March 12, 2008 7:56 AM

@Yann
Encrypting the data means you have a key somewhere. Writing your own
cryptographic algorithm means it's broken (see Schneier) and anyway,
all that's needed to break your clever
encrypted-password-in-executable scheme is to set up a software
http/https proxy (fiddler, wireshark, etc.) and read the plain text
credentials passed by the program.

BTW, https is "end-to-end" security. So only your browser and the final server (whose certificate the browser uses) can decrypt the information. A http/https proxy CANNOT see anything sent, e.g. form fields containing usernames, passwords.

Revi on March 12, 2008 10:00 AM

All right, listen up all you armshair ethicist, here's my take (as another armchair ethicist):

Reverse-engineering itself is *not* unethical. It's a process, a tool. In the same sense, fire is not unethical...but arson is. Making s'mores is not unethical, even though it uses the same process -- fire -- as arson. Reverse-engineering itself is not unethical -- using the output for one's own personal gain *is*. That's not what happenned here.

Reverse-engineering is often the only way to check the facts, which are necessary for informed decision-making.

So, I applaud the actions. I also understand, as some apparently do not, that because the purloined user info wasn't exported to the offender's own contact book, notifying the *thousands* of victims would have been a hideously long, MANUAL process...or if not manual, he'd need to craft a script to do it, which was still his time and labor. The action he chose was swift, practical, and mitigated the threat (as others have noted).

Just how much of his sarcinfinite/sarc personal time was he *supposed* to spend swatting this one buttnugget? I think expecting more than he already did -- which is already above-and-beyond! -- is unfair in the extreme.

There are of course, some means which are unethical no matter which way you slice them, because they deprive others of their fair share of life, liberty, and happiness. But that is outside the scope of this discussion, so any comments about warfighting and defense industry belong elsewhere. I'm not saying those matters shouldn't be discussed, just not discussed *here*.

It's also worth noting that hijacking threads for personal agendas is unethical ;) Or at least poor netiquette. Why is it, as in NY, that the most sanctimonious are often the worst offenders?

shremedy on March 12, 2008 11:36 AM

a href="http://www.garchiversupport.com/ticket.php?track=YYMYRE5BZZ"http://www.garchiversupport.com/ticket.php?track=YYMYRE5BZZ/a

name on March 12, 2008 12:35 PM

to those who are accusing duncan of violating the dmca, remember there are carve-outs in the dmca for security research. there's an argument that could be made there.

alex on March 14, 2008 11:29 AM

"Thats really bad, and the problem is that only people like us (who knows what reflector is) realize of that kind of things and very often the law is short to punish this kinds of crimes.

Good Job Jeff! if you stop programming try to be a detective or a tv series writer.

I really enjoy your blog, thanks! "

lol @ reflector, you know not all apps are written in .NET, in fact .NET is a Microsoft framework and proprietary compiler so it makes you wonder what the hell was this Dustin Guy poking around in other ppls proprietary src code for, just curiosity or perhaps with malicious ideas of his own....

learn byte code if you want to be hardcore

matt on March 14, 2008 1:44 PM

I must be stupid, but I just don't see why you need a tool for backing up GMAIL! You can access it via IMAP (prefered) or POP3 from any email client. I use Thunderbird. What could be simpler??

Paul Szilard on March 19, 2008 7:51 AM

Two observations

1. No-One is apparently monitoring / moderating these posts

2. The Post by " Brian on March 10, 2008 06:07 AM " gives any
malicious coder a template to add this illegal scripting into
any program they want to make and have distributed on the Internet.
I'm sure Brian's ego got a good massage by showing everyone he
knows how to use a utility like " reflector " to look at the
source code in the executable of the offending software.

3. It is a catch 22 situation. you want on one hand to show people
what utilities to use , and what type of code is malicious ,
especially when dealing with any user-name and password leaching
code. But on the other hand it's a matter of giving away the
Golden Key.

4. As pointed out by " Revi on March 12, 2008 09:00 PM "

BTW, https is "end-to-end" security. So only your browser and the final server (whose certificate the browser uses) can decrypt the information. A http/https proxy CANNOT see anything sent, e.g. form fields containing usernames, passwords.
**********************************************************
If you are using an e-mail / web based online or installed on your
computer service or utility, it should always be https based
( Like Bluebottle.com or similar ).

5. As pointed out by Mike on March 12, 2008 05:36 PM
So Dustin deletes all the email. Would we rather he keep evidence? Notify the user? Take some other action? Sure. An auto-reply would have been nice. Deleting the account would have been a horrible idea -- because JTerry could have just recreated it...

As for viewing the source code: here, I see no harm. It is software I installed on MY pc, I want to know that it is NOT malicious, because of cases just like this. As long as I do not seek to profit from it, but take the action purely as a measure of self-protection, I think it's ok.

6. So, Windows users, you might want to start getting the source and compiling stuff yourself rather than using binary executables.
Volo Mike on March 9, 2008 08:58 PM

7. Go Study @ http://www.schneier.com

8. Now that username /password stealing viruses / rootkits
written in UNIX have been found on I-PODS manufactured in China
I am also suspect of all internal / USB External and Flash Drives
manufactured in China going back 4 yrs.

GreenMonkey on March 24, 2008 2:55 AM

If you noticed, none of the emails, had ever been opened. if jterry planned exploiting, he probably would have checked his inbox, before 1700 messages :P. No doubt it was just something overlooked, when the software was still in testing stages.

logical thinker on March 27, 2008 9:27 AM

"Overlooked"

Being that someone at random logged into the account, anybody else at random could have too, so John (Or whatever) didn't have to be the one to want to exploit anything, someone else could have, and in fact, if they had gotten there before the emails were deleted and changed the password they would have access to 1,700 Google accounts.

Too bad programmers like that exist to decrease my salary around the world.

Aaron on March 28, 2008 6:39 AM

I was similarly shocked when I read about the Blog Readability Badge scam - http://www.labnol.org/internet/favorites/blog-readability-test-online-scam/1910/

Although not as serious as the scam mentioned here, we need to be careful before sticking in Javascript of widgets and badges offered by third party sites.

Anil on March 28, 2008 10:35 AM

@Geri

Unfortunately, you have fallen foul of the straw man fallacy. I understand the point you are trying to make (although your tone could be improved), but the fundamental difference is a matter of privacy.

If you voluntarily distribute a piece of software, any notion of privacy as regards its inner workings is artificial. Your comparison would only be reasonable if I had said that users were entitled to acquire a piece of software without the owner's permission.

Justin Megawarne on April 1, 2008 2:07 AM

Dang, you're all so freaking paranoid! Still, I suppose it's better to have cleared out this Gmail account rather than keep all those u/p combos available...

Harold on April 19, 2008 10:10 AM

Very nice flimsy excuse on their part, who would ever trust them again?

JAB_au on May 24, 2008 11:54 AM

Flash back to a little less than 12 months ago. In Iowa, the leader board featured a former Mayor of New York, a former Governor of Massachusetts, and the DA from Law Order. In New Hampshire, the outlook was similar: Mitt Romney was at the front of the pack, followed distantly by Rudy Giuliani.
[url=http://www.topsitesranking.info ]link ekle[/url]
[url=http://www.ipcaresbi.com ]link ekle[/url]

sa ekimi on May 30, 2008 1:55 PM

amar on June 1, 2008 4:21 AM

fdfd

amar on June 1, 2008 4:23 AM

It's a pleasant surprise to find a sanctury from all that modern inane garbage they call music.

teen models on June 7, 2008 1:39 PM

WOW I WOULD NEVER BELIEVE N E ONE I WOULD NO WOULD DO THAT TO ME BUT I GUESS U CANT TRUST N E ONE....

a victim on June 18, 2008 10:47 AM

I think that this is a really neat place even though I am trying to find some pages for my reasearch paper for art.

lolita bbs portal on June 19, 2008 10:10 AM

czxczx

sdfsdf on July 2, 2008 8:46 AM

Very nice flimsy excuse on their part, who would ever trust them again?

gm on July 3, 2008 1:39 PM

This is way late of course, but anyone suggesting this was anything but an attempt to steal passwords is just kidding themselves... consider the code

public static void CheckConnection(string a, string b) {
....try {
........//sending the password...
....} catch (Exception) {
........//Nothing here?
....}
....//rest of the code

It has no return type and doesn't throw and exception - what checking can it possibly do if it is functionally equivilent to an empty method.

Besides - if he is checking a connection, he doesn't need to send any information, his password is more than enough to verify the site can be accessed.

Whatever on July 30, 2008 2:45 AM

I think that this is a really neat place even though I am trying to find some pages for my reasearch paper for art.

horse blowjob on July 31, 2008 7:03 AM

Dearest One!!

With due respect, trust and humanity, I write this
letter to you seeking your help and assistance, though
it is difficult since we have not met before. In
Abidjan regarding your business profile and sincerity,
I beleive that you are capable and reliable in
handling this urgent international transaction of this
sorft.

AT (miss.sandra_boga@yahoo.fr)
I am Mis Sandra Boga, The daugther of Professor Emile
Boga Doudou, Former interior minister and a great
politician in cote d' ivoire political arena. Because
of my father's sincerity, He was killed on the 19th of
september 2006 by unknown soldiers inhisresidential
house during the coup plot in cote d' ivoire. See BBC
news for more information about my late father's
death.

(http://news.bbc.co.uk/1/hi/world/africa/2268718.stm)

Before his death he disclose to me about the
diplomatic money he deposited in a [security company]
containing us$9..3million (Nine million Three hundred
thousand dollars) and my name was the next of kin
and the original document of deposit is intact. The
fear of money not raising eye brows here in cote d'
ivoire I decided to contact you seeking for your help
to claim the right ownership of the consignment and to
open a new bank account for this money to be transfer
to as all arrangements for a hitch free transfer have
been fully taken care of,

I want to assure you that this transaction.is 100 %
risk free as no other person knows this box apart from
me and you. dear, as for your reward and kind
assistance I have resolve to give you 15% of the total
amount and 5% for any expenses that might be incured
in the course of this transaction.

I planned to invest the rest of the money in your
country under your guidiance. If you are willing to
help me try as much as possible to reach me through
the email to enable us proceed in earnest towards
concluding all transaction. dear, bear in mind that my
life depend on this fund and I do hope that this money
will be safe when finally transfer into your new
account. I do hope of establishing a rewarding and
good relationship with you and your family after this
transaction hoping to hear from you as soon as
possible.

I am 23 years old, single and Also a christain but I
was meant to know that a woman has no religion untill
she is under a man or family therefore I promised to
abide to any religion that you and your family are
into.

Thanks for your co-operation and God bless.

Best regard

Miss Sandra Boga

Miss Sandra Boga on August 3, 2008 7:13 AM

I think that this is a really neat place.

jq's big naturals on August 6, 2008 10:45 AM

thanks

oyun oyna on August 13, 2008 11:21 AM

The article speaks of a piecing together a new financial plan.

lesbian wrestling on September 9, 2008 2:00 AM

I have nothing to say about your blogs it is nice blogs thank you. a href=http://alaminos.netkabonfootprint/a

kabonfootprint on September 11, 2008 4:05 AM

Why didn't he send all the credentials to a different e-mail? I'm glad he didn't, but that was kind of stupid.

Zac on September 11, 2008 10:19 AM

qsw18d
gtg09y
wow gold
wow gold
wow gold
wow gold
wow gold
wow gold
wow gold
wow gold
wow gold
#27893;
#27700;#27893;
#29615;#20445;#35774;#22791;
#27893;
#27893;
#27893;
#27700;#27893;
#27700;#27893;
#27700;#27893;
#27700;#27893;
#40831;#36718;#36755;#27833;#27893;
#40831;#36718;#36755;#27833;#27893;
#29615;#20445;#35774;#22791;
#21270;#24037;#27893;
#21270;#24037;#27893;
China Travel
China Tours
China Tours
beijing Tours
beijing Tours
beijing Travel
beijing Travel
shanghai Tours
shanghai Tours
shanghai Travel
shanghai Travel
wow gold
wow gold
wow gold
wow gold
wow gold
wow gold
wow gold
wow gold
wow gold
wow gold
wow gold
wow gold
wow gold
wow gold
wow gold
wow gold
wow gold
wow gold
wow gold
wow gold
#27893;
#27700;#27893;
#40831;#36718;#36755;#27833;#27893;
#29615;#20445;#35774;#22791;

df27hg on September 17, 2008 7:29 AM

its incredible! we forget rule - Trust but verify!

Grandi on September 29, 2008 3:43 AM

m_mohamed_1996@hotmail.com

mohamed on October 7, 2008 11:39 AM

At the risk of pointing out the obvious, if you type your user name and password into some shareware program that you've downloaded, then you're always leaving yourself wide open to this kind of abuse.
---------------
shivani

shivani on October 10, 2008 9:57 AM

Hi, I need the gmail password of one of my friends to investigate something. Can you somehow help. I am in urgent need of help.

Matt on November 26, 2008 9:27 AM

Regardless what other people says..., I do in love with your site, just go for it dude..., there's always a whiner along the road...

:).

Jaz on December 1, 2008 7:27 AM

Love it..., just write more...

Edi on December 2, 2008 3:13 AM

I wish only malicious programmer was him. Maybe, he just wanted to read someones mail, not with intention to stole bank accounts etc. we don't know.
There are many of them out somewhere. We use too many programs in our PC's, do we have to do reverse engineering to all them to be able to use all them safely.
No, whatever we do, there will be yet some mysteriour thingd behind the screen.
We have an idiom;
Education is must.
But not in just school, in the family, shou#351;d start as soon as we born.

FeRHaD on December 5, 2008 7:46 AM

hey dude its not right to de-compile that code in the first place, just like Israel Orange did, you should have privately emailed John Terry. Not only did you go into his account where all the email accounts were stored but you deleted all the emails but you changed his password and secret question as well!
Your telling us about ethics? Look what you did...
Naughty naughty.

Then again Terry was up to something... fishy fish.

Chickenmobile on December 8, 2008 11:19 AM

vdsf

vxcvx on December 27, 2008 3:44 AM

camfrog
password ?

lovely on December 30, 2008 8:50 AM

hi this is ram

Internet Marketing Company on January 7, 2009 1:27 AM

hi this is an internet marketing company

Internet marketing company on January 15, 2009 5:10 AM

I think that this is a really neat place even though I am trying to find some pages for my reasearch paper for art.
http://autoprestizh.ru/

Olof on January 29, 2009 12:21 PM

Once again the post is great.
Thanks much.
http://slsecurity.blogspot.com

I'm not an expert of the field.
But hopes I can help others.
http://winguard.blogspot.com

winguard on February 3, 2009 7:53 AM

Please I want the steps to hack a yahoo and gmail account plz send it to rsundar1992@gmail.com

Sriram on February 12, 2009 7:42 AM

No one can easily hack gmail or yahoo mails.
But found some hack here.
http://crackzsl.blogspot.com/ : Cyber Realm Srilanka

winguard on February 14, 2009 8:17 AM

Regardless what other people says..., I do in love with your site, just go for it dude..., there's always a whiner along the road...

-------------------------
http://www.boatrental-hk.com/

ytecht on March 17, 2009 4:16 AM

Much has been discussed about Identity Theft, user ID's and Passwords stolen or hacked, credit cards being used without the owners knowledge and so on. Now there is a safe way of protecting your passwords and identity online from being copied, stolen and hacked by keyboard trojans, using your biometric fingerprint and face recognition, and even voice, to log on to web sites. By simply scanning your finger or face or voice you can log on to a web site, log on to your computer, and even encrypt files and folders. No more worrying about who might hack into your online accounts or even your email. No more remembering passwords or using the same passwords on many sites. This is an exciting new innovation from myBiodentity and they have about fourteen products that are enabled with biometrics including email encryption, password manager, virtual disk, and many more. You can read more at About Identity Theft and stolen passwords, recently I came across a site that uses Biometrics of finger, face and voice verification so the user just scans to log on. You can read more at http://www.mybiodentity.com

biometric01 on March 31, 2009 4:05 AM

Hey! Thanks for the invitation so much. I will try to come back as soon as possible. ;).
I am from Nicaragua and know bad English, tell me right I wrote the following sentence: Cheap airline tickets to croatia, flights to zagreb.

With best wishes :), Dotty.

Dotty on April 18, 2009 10:42 AM

Well that is just crazy. Good thing the information landed in a decent persons lap. Could you imagine what could have happened if the info was in the wrong type of persons hands. And I could also imagine most of the passowrds used would have been the same passwords for personal documents aswell...tis a shame things like this happen. But nice to also see there are decent people in the World still :)

Nintendo DSi on April 27, 2009 1:43 PM

Also, why is there so much useless comments on here trying to use the HTML, it clearly says dont use it!

Free Xbox 360 on April 27, 2009 1:44 PM

a href=http://something4free.net/free-xbox-360/how-to-get-a-free-xbox-360/http://something4free.net/free-xbox-360/how-to-get-a-free-xbox-360//a">http://something4free.net/free-xbox-360/how-to-get-a-free-xbox-360//a">http://something4free.net/free-xbox-360/how-to-get-a-free-xbox-360/http://something4free.net/free-xbox-360/how-to-get-a-free-xbox-360//a
a href=http://something4free.net/http://something4free.net//a">http://something4free.net//a">http://something4free.net/http://something4free.net//a

Java on April 27, 2009 1:45 PM

Boriss on May 13, 2009 1:38 PM

This really a good site for Programming. I have lot of info in this site. Thanks For Sharing

sohan (boiler installer) on May 16, 2009 3:24 AM

This really a good site. I have lot of info in this site. and we have a boiler installation company at UK London.
The site URL is
http://www.boilerinstallationslondon.co.uk

sohan (boiler installer) on May 16, 2009 3:40 AM

Good work. Keep going. YOu can check this software download site and submit your software PAD file

http://www.downloadpapa.com

Suvro on May 16, 2009 4:36 AM

Well...I suppose the classic examples of unethical programming are the guys from EDS who wrote the software for SAVAK the Shah of Iran's secret polcie in the 1970s.

club penguin on May 31, 2009 7:59 AM

Nice post thanks.

have to look into it

Free iPhone on June 5, 2009 5:35 AM

thanxx post. have to

beyaz eşya servisi on June 10, 2009 2:13 AM

wow, thankfully the user of the software was smart enough to delete everyone's username and password. It's amazing what goes on behind the scenes.

club penguin on June 14, 2009 10:15 AM

Hi, I need the gmail password of one of my friends to investigate something. Can you somehow help. I am in urgent need of help.

oyUn on June 17, 2009 12:28 PM

«Back | More comments»

The comments to this entry are closed.