I just got off the phone with Mr. James Sullivan, whose name has been used to plaster malicious cross-site scripts across the Internet and especially on Movable Type-based blogs. Unless he's an exceptional actor, Mr. Sullivan is not actually responsible for this spam. He's a victim of a particularly vicious identity theft, one which he seemed barely able to comprehend.
I introduced myself as a tech journalist from Washington, DC--technically true, and it's much less confrontational. Do you own usuc.us? I asked him. "I don't even know how to put up a web site," he said. "Why are all these people calling me?" Briefly, I tried to explain what was going on, including the porn site. "Don't visit it," I said, "it just opens straight to dirty pictures." Mr. Sullivan noted that he had no intentions of visiting a porn site--although, granted, his wife was in the room.
This led to the question of how he was going to fix this. He's going to the cops tomorrow, he said. "Well," I said, "this may be a federal matter, to be honest with you." "The feds?" he exclaimed with a big-government skepticism that I'm sure does Colorado proud. Yes, the feds, I said, and also said he'd probably have to check with InterNIC and ICANN.
"I thought I was going to have to call Al Gore!"
"No, Mr. Sullivan. He only invented the Internet, he doesn't fix it."
So there you have it. I'm sure it's a small consolation for the people who, unlike me, faced serious problems as a result of the scriptbots working in Mr. Sullivan's name. But at least all the scripts did is mess up a few web pages. Mr. Sullivan will probably be getting phone calls off and on for a while to come. I think he's gotten the shorter end of the stick.