Doh

Robert Gauld

So some crackers have managed to take over an email address shown in The Simpsons. (Read the Register's take on it here.) A few years ago the folks behind The Simpsons showed Homer's email address (Chunkylover53@aol.com); smartly, the writers actually registered this screen name to stop any crackers from exploiting it. The writers then replied (in the style of Homer) to anyone who emailed him; however, eventually (and unsurprisingly) the workload got too much, so they let the account become inactive. Enter some crackers, who resurrected the account and used it to send links to sites containing malware to people who had added Homer to their buddy list in AIM.

So what lessons could be learnt? TV/film companies already have some phone numbers dedicated for screen use, numbers which when called will never be connected to anyone or anything. Could such a system be used for web addresses / email? I don't think so. Although RFC 2606 allows for some domain names to never be used, the list of these domains is not exactly appealing: homer@example.com? How about homer@simpson.invalid? Not exactly addresses they'll want to show.

It could be said that the writers should never have let the account become inactive, perhaps clearing it out and sending 1 (yes, just one) email a month to protect against this. However, that would hardly have solved the problem for long: once The Simpsons finishes (and it will at some point; every show does, well, except the news), the crackers would have just tried it then.

I think the issue is with the users (and in this case can only be with them). Yes, it's funny/amusing to exchange emails and IMs with a cartoon character, but once every so often go through your friends list and delete the inactive ones. It'll protect you from things like this and make it easier to find your real-life friends rather than your imaginary ones.