Oh, Office Postings

I very rarely talk about things at work publicly, since I’d rather not risk getting yelled at for making fun of things, but this sign needs to be shared and discussed. I work in the office portion of our building, which runs the same length of the warehouse on the front-side of the building, with the kit room (where packaged components are assembled) in the warehouse. The lunchroom/kitchen are on the opposite end of the building, and it’s easier to walk through the office from the kit room to get to the kitchen.

Well, it was, until the kibosh was put on it with this sign pasted on every door in the building:

This sign is the epitome of what I hate about office politicking. You dirty dregs of society that technically work in the same building aren’t good enough to walk through the office. Your appearance is distracting and we just can’t risk the impact to our productivity when you’re walking through for 35 seconds. Or something to that effect. I didn’t write the sign, so I have no idea what the real motives behind it were, but it strikes me as disrespectful. I guess walking into the office to speak to HR is okay, although you probably should leave through the same door so it doesn’t appear as if you’re cutting through. Maybe it’s easier to call into the office and have people come out to you, so you don’t even come into the office at all.

Besides, how obnoxious is this sign? It’s in all caps with multiple exclamation points and bold/underlined words for emphasis. It reads more like an angry child ranting about a pet peeve, rather than an official posting of a recently enacted company policy.

No, that’s my sandbox, and you can’t put your Tonka truck into it! Seems totally legitimate.

Damn it all to hell.

Normal sized Mighty Muggs are awesome, but with the Avengers movie they put out these mini ones that make me squeal in delight every time I gaze upon them. They’re so adorable! Anyhow, when I saw this two-pack of Silver Centurion and Iron Monger, I knew I had to own it.

Mini Mighty Muggs

The Centurion costume was my favorite version of Iron Man –and still would be if they didn’t make the Extremis armor– so I just had to buy it the instant my eyes realized what I was staring at in the store.

We usually make Walmart runs in the wee hours of the morning, since it’s the one place still open that we can walk around. Being that I bought it at 3:00 in the morning, I didn’t even look in my bag until I woke up later on that day. I unfortunately noticed that my Iron Bros were scanned twice, and I knew I had to get my money back. It’s extremely uncomfortable dealing with this situation because everyone that works in retail is cynical and expects the worst from every customer that walks through the door. I’m guilty of it too, since I used to expect bullshit from people when I was working returns earlier in my life, but I have a new perspective on it now.

I went out to lunch with my buddy Jerry (which is chronicled ind his awesome derryX Dines post about the food), did some work on his site, and decided to go get my money back. It was now eleven hours after the purchase when I brought the receipt to the return counter and waited my turn.

I could see the disdain in the associate’s eyes when I stepped up with a receipt and no item, before I even began to explain the situation. It’s cool, though, keep giving me that dirty fucking look because you think I’m out to scam you. Fuck you. It’s even cooler that you want to try and shame and intimidate me by requesting my identification before processing my request. Go ahead, get really snide with me when I inform you of your own policy which states I need not provide identification for returns or exchanges with a receipt, especially when I’m seeking recompense for your fellow employee’s error.

At this point, she said she couldn’t do anything for me without my ID, and went to dismiss me by calling the next person in line. Being a veteran retail worker, I told her to just call the assistant manager on duty, since neither she, nor a CSM would be able to help me at this point. I was rather annoyed.

When you tell a low-level employee that they’re not going to be any further help to you, and you tell them to bypass their immediate supervisor, they go into super defensive mode. It’s really fun being accused of trying to steal $13 by someone that doesn’t even make that in an hour, and I’m well aware of the fact that people abuse the “no hassle” returns system of major retail chains. In the grand scheme of things, this $13 over-charge wouldn’t break my checking account, but it’s the damned principle of the thing. I don’t steal from you, don’t steal from me.

She gets on the walkie-talkie and calls her CSM over to the desk. Goody, another time running through the story for someone that’s not going to make the judgment call of returning my money. I was looking forward to it. The CSM walks up, they go around the corner to talk shit about me, and come back out. The CSM tells me that she’s sorry, but she can’t do anything without my ID, and that I should have noticed it before I left the store.

You’re right, I should have, but I didn’t. I don’t care, and your employee fucked up. Give me my money back. I’m bordering on the edge of being pissed off at this point, so I call her useless and tell her to get the assistant manager, like I told the returns bitch to do five minutes ago. Now that you’ve both been extremely uncooperative, I want to make your day at work pretty shitty. I’m going to be as bitchy as I can be in front of your manager, so he’ll take it out on you later because he got bitched at over thirteen fucking dollars.

They push me to the side and start waiting on the next person in line. After waiting for ten minutes, and four pages for the manager, accompanied by dirty looks from the returns bitch, useless CSM, and the customers in line, the manager decided to lumber up to the desk. I explained to him that I was there less than 12 hours ago, and realized I was double charged. I further detailed that the returns bitch and the useless CSM tried to strong-arm me out of my money, and that he took exactly eleven minutes to waddle his fat ass up to the returns counter, and that it was only a $13 charge I wanted back. He shot a look at the useless CSM and returns bitch that made me feel good inside.

You know, better than I was for the previous twenty minutes of my life when I was being treated like a total scumbag without any dignity. Then again, I do shop at Walmart. I guess my dignity was pretty much out the window before this experience. The point is, don’t think everyone is out to get you, especially when you work at the returns desk at Walmart. Do your job, get paid, move on.

 

Is there anything worse than fan-fiction?

Fan fiction is the lowest form of “creative” writing known to humanity, where these no-talent hacks try to write stories involving their favorite characters. The problem, though, is their interpretations never align with what the actual character would be doing or saying.

Take this one that I found today, while looking up some information on my upcoming week of superhero movie posts. It’s called The Hippie’s Date, and focuses on the “Nolan” Joker going to a club, picking up a hippie girl and necro-fucking her. No, really, that’s what happens. I couldn’t make it up if I had to.

Anything sarcastic I write won’t even come close to reading it on your own, but I certainly do not recommend reading it. It’s a waste of five minutes, and you’ll just question why you’d ever read my blog in the first place. If you’re curious but don’t want to invest the time, here’s some of the choice cuts that I think are pretty representative.

“Groove is in the heart,” he sang, sitting on the roof of the tall building, overlooking Gotham. “Groove is in the hea-a-art. DJ Soul is on a roll, I’ve been told he can’t be sold, he’s not vicious or malicious, just de-lovely and delicious….. Hm. Doesn’t sound like my type at all. But, groove is in the heart.”

Oh baby, this really screams Joker to me. I’m totally into it. After some really drawn out, non-descriptive scenery paragraphs, Joker meets up with a hippie in a dance club. Here’s the quality dialog that happens after this broad asks about the “etchings” on his face:

Ah, the Joker thought. That would explain it. She thinks I’m some kind of Goth guy or Emo kid. Silly girl. And the Joker chuckled to himself. The Joker’s own thoughts often amused him, especially if they manifested into reality, like many of his more devilish plans. “Oh, have no fear, Buttermuffin. Before this night is over with, you’ll hear alllll about it.”

He snaked his left arm around the Hippie chick’s slender waist. “Tell me your name, Chiclet,” he said, his voice never losing that edge of dangerous humour that always threatened to spill over into something deadly.

“It’s Edna, of all things, but I like to be called Springtime, or just Spring. How ’bout you?”

“Well…. I could always be the Autumn to your Spring, the fall to your rising. You know how everything just has to end.”

“But they always begin again, never forget that.”

“Maddening isn’t it?”

Spring laughed. “You like to joke around, don’t you? But you never told me your name.”

“You could always call meeeeee….Joker.”

“Okay, Joker it is!”

“So, how about those etchings, Springtime in the Winter?”

Oh baby. How steamy is this? I’m really hooked, how about you? After getting her back to his apartment, he does the whole “wanna know how I got these scars” routine from the movie. Except this writer drags it out to about 500 words of incoherency. It never ends. Unfortunately, I don’t wind up dead like the hippie named Spring, although it’s probably for the best that I don’t.

Her voice catching from fright, Springtime said, “I’m s-so.. so sor-rh-hee.”

“Why yes, yes you are.” And, with that, the Joker sliced into Spring’s face, first her left side, then her right, making her a smile identical to his own. He did it so quickly, she didn’t even get the chance to scream before he buried his blade through her throat, pinning her to his bed like a collected butterfly.

Springtime’s eyes were like two mirrors that drew the Joker in. Even in death they seemed to carry a kind of life of their own…

He cocked his head and stared at her, wondering what it would be like to enter her now. Blood spread out behind her head, hypnotic in its slow insistence. In spite of all his numerous aberrations, the Joker had never been one for necrophilia. It wasn’t that he thought it was wrong. In the Joker’s world, there were no wrongs or rights. Things just were. The Joker just did. Life just was, and so was death. He’d just never had the opportunity to fuck a dead woman, or a dead man for that matter, before Spring’s premature departure from the land of the living. He may never have the chance again, so why…..not?

I’m not going to quote the necrophiliac intercourse that transpires, because it’s as horrible as you’d expect, if not worse. Here’s the paragraph after he’s all done.

The Joker withdrew his quickly softening member and wiped himself dry on Springtime’s dirndl. He doubted anyone would want it anyway after she was found. Well, you never know. Some thrift store may end up selling it to some other Hippie in the name of charity. Hell, maybe some Hippie named Charity would wear it with pride, ignorant of the pools of blood and semen in which the simple dress had been drenched.

Oh, cool, so after you have the Joker fuck a dead girl, you’ve got to take a cheap shot at hippies. The piece ends with awful lyrics to a song that the Joker sings as he dresses and leaves. Everything about this is just so absurd. I hate that I read this thing, and I hate that I’m blogging about it, but such is life. It’s one of those things that I couldn’t be the only one to experience, and I had to put it out there. Do with it what you will.

MTGO Beta Phishing

I’m not releasing any details about the beta client itself, so I do hope I’m not in violation of the non-disclosure agreement I was presented upon joining the beta. I need to vent about an ongoing issue and I felt this was the best way to get the word out there.

I’ve been part of the beta testing of the new MTGO client for a few months, and just about every two to three weeks they send out email blasts saying a patch has been pushed out, and they’re doing specialized events to test the update. Along with this invitation to upgrade the client and play, there is a link to a survey to provide feedback about the changes and your experiences over the event weekend.

Brilliantly, the last email was sent with each of the beta tester’s emails exposed. I’m a relatively public person online. If you Google MetalFrog or my actual name, I have a solid presence, and If you want to find me you’re more than able to.

What bothers me is that there are scumbags everywhere in the world, and of course one of the people that received this email decided to capitalize on the opportunity. The phisher created a shill survey to collect account details. The email sent out yesterday had the same subject as the official Wizards email, and nearly an identical body. The only things changed were the URLs to the survey, and a reminder that yesterday was the final day to partake in the survey (to still have prize eligibility for participating).

Since the original email was mostly unaltered, the correct deadline for the survey was intact. A more astute reader would notice that the survey could be completed up until Tuesday, April 3 at 6:00 pm PDT, but the email said that yesterday was the deadline. Further more, a more astute internet user would know to never share their password with anyone, anytime, no matter the circumstances under which it was requested. I don’t want to blame the victims at all. Yes, precaution would have prevented their information being compromised, but nonetheless they were preyed upon.

I’m upset with two parties right now: the phisher and Wizards of the Coast. While I am a public person on the internet, exposing my email to 400+ people is not within my reasonable expectation of privacy. What they did is nothing worse than what I have already done with my public-facing profiles over the years, but for less-public persons, it’s a worse violation. I’m more upset that we’re going through day two of this without any official acknowledgement of the happenings. Come on, Wizards, where is your response? I know for a fact that at least five of us have contacted you with details about this attack. None of us received comment as of the time of this publication. Get on it!

The phisher contacted some of the people to “apologize” for their actions. Here is the content of the email forwarded to the other beta testers that were not contacted:

Good day Beta players, since the latest phishing scam I think it’s important to clear things up a bit. The most easy way to do this is be sending you the e-mail that I send to wizards, here it is:

“So I heard that you had some trouble with phishing, now I’d like to explain the situation to make your work more easy. It all started when I received the last e-mail from Wizards it was an announcement that another Innistrad weekend was coming. The first thing that flashed through my mind was: “Nice, I can play Innistrad again and get free boosters” I always like these weekends and I enjoy participating in the Beta.

Then a friend of mine told me that there was something weird about the e-mail Wizards had send us, the weird thing was that all the e-mail addresses that the mail where send to were viewable. This made it possible to see every e-mail address of the Beta players (I can’t say for sure it are all e-mail addresses but by looking at the huge number of e-mail addresses in there I think it’s safe to say that it were all the e-mail addresses).

So of course it was true! Someone at wizards had send the e-mail in such a way that everyone could see the e-mails addresses of everyone. Now me being a “smart” guy I quickly realized the damage that could be done by having this information. Of course I also am a very nice person so I decided to do nothing because surely Wizards was going to send everyone an e-mail warning them of the great dangers that were lying ahead because of their own mistake.

I waited two days and I didn’t receive any e-mail, I realized Wizards probably didn’t think that this mistake could do harm. Sure it wouldn’t do the greatest harm, but phishing is a great problem under less intelligent people. Now I decided to educate Wizards and those “less intelligent” people on how phishing works.

My first Idea was to recreate the website from scratch so I dusted off my coding skills with .HTML and .PHP and started to work with the source code from the website were the survey was taken. After around 45 minutes of work I realized this was never going to happen in one day (I pretty much knew nothing about the subject anymore). So I decided to look for other options, I went to 4chan but 4chan was down, I moved to some other less known websites and IRC’s but those couldn’t help me either.

When then I realized at which website the survey was taken… A website that takes surveys and I could make my own survey there! The greatest most amazing thing about this was that the website offered a free 14 days trial, pretty much enough to let the phishing happen. The other plus sides were that I pretty much had no work to do in order to get the survey look like one of Wizards and the link was also indistinguishable unless you looked really well.

All I needed then was an e-mail address, I chose for a gmail account which looks more professional then Hotmail, yahoo, live etc.. After creating the e-mail (and of course the survey had been made already) I e-mailed 10 people, then 10 again, then again 10 and then again 10. I did it this way so if people would come to know of the phishing they wouldn’t be able to e-mail each other that easy, plus I didn’t really know how to e-mail everyone at once (I kept getting some error).

I did try mailing everyone in one go, I tried it 5 times and it all gave an error. When later that afternoon all 5 of them simultaneously arrived at everyone’s e-mail address. This of course immediately ruined my credibility and after a few people filling in the survey people started to mail that phishing was happening!

At this point I had 8 login details, correct username + password. If I would’ve mailed everyone per 10 I’m very very sure more people would’ve responded (the first 40 2 people responded the next 360 6 people so do the math, assuming of course that there are 400 Beta players I e-mailed which I am not sure of because I am too lazy to count).

Now as I said before I’m not evil, I’m pretty nice I just saw this great opportunity to educate the masses. So there I had all the login information and to my happy surprise people started warning each other and educating each other, personally I think this was great and you should applaud the people e-mailing with warnings for their good behaviour.

Then Wizards still didn’t send any warning e-mails so I started logging in on all the accounts and soon I saw cards worth hundreds of dollars. But as I said I’m not an evil person, I just wanted to educate so I started telling the ORC of the situation. I told them that I was sitting on accounts that I hacked with phishing, I also told them that I wanted to help them with their investigation.

I even offered them multiple times to name everyone that gave up their details but the ORC just kept banning me and didn’t want to have a civilized conversation. I think this is really really stupid from the ORC because now they have to do an investigation and I have to type this whole, so far 2 pages long, text explaining the situation.

So if you at Wizards are interested in the whose account details I still got (some aren’t blocked/banned/put on non-active yet) just tell me, I’m not a bad person I’m glad to help.

Wasn’t this very educational? Don’t you think it educated a lot of your beta testers? How much more do you want from me, a fewllow Beta player? I tested the system pointed, out what you did wrong without causing to much damage because the damage that happened (putting accounts on non-active) you did yourself.

A very important thing to note: I made sure not to touch the collection/attained rating any player had acquired. I didn’t trade away any cards/tickets/booster nor did I join any events.”

I hope this clears things up and might stop people worrying about their possibly lost cards/tickets or acquired rating. I hope that you see the greater goal behind this phishing scam instead of getting mad, because if I didn’t do it someone else could’ve done it too and that person might have fucked around with the information in a much worse way then I did.

So I hope that everyone’s account gets unlocked fast and I apologize for any trouble I might have caused.
Greetings!

So here’s the problem: you have absolutely no credibility. None. Whether you became fearful of the repercussions after the fact, or you genuinely wanted only to prove that it was possible to gain account information, you procured said information under false pretense and used it. Regardless of your intent —which we can argue was unjust, as you have stated multiple times that you verified the accounts, which can only be done by logging in with the username and password— you have committed fraud and I fully expect that you are prosecuted to the fullest extent.

It is regrettable that Wizards has yet to comment on this fiasco. Hopefully it will be handled better than Sony handled the hacking of their network, but only time will tell. I’m not in this for compensation in the way of product or money. I’ll be happy with an assurance that this was an isolated incident, that it will not happen again, and that they are exerting every possible ounce of energy into finding the culprit and pursuing justice for those that fell prey to this attack.

I cannot stress enough that your information is sacred. Just as we were taught as children to not allow strangers into our personal space, don’t feel compelled to share any personal information unless the site is secure and verified beforehand. Even then, if someone is asking you for a password, expect the worst.

Update 4/3/2012:
Last night, an email was sent by Wizards of the Coast addressing the issue. Pretty standard fare, but it has sound advice for all internet users. Sounds like the accounts that were locked will receive additional communication, but the rest of us will be in the dark about the outcome of their investigation.

On March 29, 2012, the Magic Online QA team sent out an email announcing the Innistrad Beta Event offered over the weekend of March 30 through April 1. That announcement inadvertently displayed player email addresses to other players on the email distribution list. Your email address has been identified as one that was part of that distribution list and may have been compromised.

Our primary concern at this time is regarding players who received a Beta Survey Reminder email on Sunday, April 1st. This email was NOT an official email from Wizards of the Coast and was an attempt to gain access to player account information through a link to a fake survey that asked for your account password in addition to your Magic Online account name.

If you completed a survey that asked you for your Magic Online account password, please take a moment to log into the email account associated with your Magic Online account and change the password. In addition, if you share your Magic Online password with any other systems, programs, or websites, we recommend that you change those passwords as well.

In order to protect our players and their accounts during our investigation of this incident, we have temporarily disabled all Magic Online accounts that were potentially at risk. If your account has been disabled, our Game Support team will be in contact with you as soon as possible to resolve this issue. You may also contact Wizards directly, by going to www.wizards.com/customerservice and clicking the “Email Us” tab or calling 800-324-6496 from the United States (or 425-204-8069 from outside of the United States) between 9:00 AM to 6:00 PM PDT (16:00 – 01:00 UTC), and request your account be reactivated.

Protecting your information is our highest priority, and we want to assure you that we are taking steps to ensure that this does not happen again. We want to take this time to remind you that there are several simple steps you can take to protect yourself and your Magic Online account in the future.

1. Password Security: Never share your password with anyone. Employees and representatives of Wizards of the Coast will NEVER ask you for your password under any circumstance. If someone who claims to be an official Wizards of the Coast or Magic Online employee or representative asks for your password, please report it immediately to http://wizards.custhelp.com/app/answers/detail/a_id/1236/kw/suspicious%20behavior.

2. Do Not Accept “Official” Emails at Face Value: If you receive an email that is supposedly from Wizards of the Coast, take the time to check who sent it. Does it come from a “@wizards.com” address? If not, then it is definitely not an official email from Wizards. If the email asks for your password, offers you free cards, or otherwise says something suspicious, do not fall for it. Forward any such emails tospoof@wizards.com immediately or report them via our Report Suspicious Activity link: http://wizards.custhelp.com/app/answers/detail/a_id/1236/kw/suspicious%20behavior.

3. Protect Yourself from Scams: Be careful that you always know what site you are on when browsing for Magic info. Wizards of the Coast publishes the official Magic: The Gathering website and theMagic: The Gathering Online game. There are no sanctioned cheats, hacks, mods, bots, or any other kind of attachments for Magic Online. Other websites proclaiming to be “official” or “authorized” are likely scams.

By following a few basic steps, you can help protect yourself and your Magic Online account and focus on what Magic: The Gathering is all about: having fun! If you have any questions, please do not hesitate to contact Game Support by going to www.wizards.com/customerservice and clicking the “Email Us” tab or calling 800-324-6496 from the United States (or 425-204-8069 from outside of the United States). Our hours are 9:00 AM to 6:00 PM PDT (16:00 – 01:00 UTC).

Again, we apologize for any inconvenience and thank you for your patience while we resolve this matter,

The Magic Online Team