More Fun with Unsecure Networks
A few months back it was sweeping the net about unlocked printers that you could find via Google. Well now it's unsecured network cameras. It's a fascinating portal into the mundane lives of others.
"Next time you make a printout from your color laser printer, shine an LED flashlight beam on it and examine it closely with a magnifying glass. You might be able to see the small, scattered yellow dots printed there that could be used to trace the document back to you."
Nifty.
"Think you can't get caught in the 'phishing' net of online fraud? Dive into our MailFrontier Phishing IQ Test and find out if you can avoid the hooks of the online crooks. We've put together 10 suspected fraud emails from our collection of millions - all of them real and all of them actually received by real people like you. Click on the link for each question, review the email, read it, and scroll (sorry, no clicking) over its links. Then tell us: Legitimate or Fraud. When you've done all 10, click 'Get Your Score' to find out how well you did. Good luck!"
These phishing attacks are getting more and more realistic looking. For your own protection, take this quiz and see samples of some very sophisticated attacks.
I consider myself pretty net savvy, but still: "You got 8 out of 10 correct, or 80 %." I erred on the side of caution, at least.
"The Federal Trade Commission, seeking its first civil penalties against a telemarketer for violating the federal do-not-call list, has sued a Las Vegas firm, saying it called more than 300,000 numbers on the registry to sell time-share properties in Atlantic City."
Good!
"Overdue debtors beware: You may not be able to rely on Caller ID to screen out those annoying bill collectors much longer. A California entrepreneur has a plan to bring the hacker technique of Caller ID spoofing to the business world, beginning with collection agencies and private investigators."
Great, so you might think it's Aunt Martha when in reality it's a debt collector! Not that I have an Aunt Martha nor do I have debt collectors calling, but still!
"Bypass Compulsory Web Registration"
Tired of having to register to a site just to read a news article? Check this site out.
The JAFT Journal: Microsoft's Response to my Money Issue
I posted the fix as a comment to this entry as a public service for those searching the net for a solution. It's nowhere near as painful as I had feared, yet is still secure.
"Dear Peter,
"Thank you for using Web Support. My name is Jenny, and I'll be assisting you with your case today."
So far so good.
"After viewing the case log, my understanding is that when trying to sign into Money with your Passport, you receive an error message similar to the following: "The sign-in name you entered is not associated with this file. Please enter the correct sign-in name or open another file." If I have misunderstood, please let me know."
That's accurate. One can imagine the panic I felt as I couldn't open my financial file, particularly as it contains historical data back at least five years, if not more. The Money-generated backup wouldn't open either. My rotated backup would, but I'd been lax in that area and it's two months old. Shame on me! I reorganized the computer setup a couple of months ago and eliminated the auto backup routine I had. Been meaning to get to it, but hey, my important things are backed up manually, like my Money file! Argh!
"If this indeed is the situation, I would like to apologize for the inconvenience this may have caused. We have received feedback from other customers reporting a similar behavior. This matter was immediately reported to the corresponding team for investigation."
Yeah, before I decided to go into hyperventilation mode I checked Google and the MSFT newsgroups. There I discovered that I was far from alone. Although still very annoyed, I felt much better after discovering that it was widespread. Not because I wanted to share the pain, but because I knew that meant that a) it wasn't just me and b) MSFT would work on a fix sooner rather than later.
"Based on their recent feedback, what happened is that on Monday afternoon, we updated one of our servers. This affected the authentication process which caused problems for users who attempted to connect to the server on Tuesday morning."
That jibes with what I've read on the net. I'm amazed that they allowed such a thing to happen, though. What a PR nightmare, assuming this gets more visibility than it currently has.
"I would like to reassure you that we are resolving this issue and it is a top priority for our Product Team."
Well I would hope so! In fact, I'm wondering why the hell it's now five days later and there's no fix. Five days, they know what happened and why it broke, what's the issue? Perhaps this is:
"Please be assured that this error will not affect any of your financial data, and none of your personal information has been compromised. In fact, the result of the situation has been that your information is even more secure."
I laughed out loud at this one. Yeah, it's more secure all right, so secure that the proper owner can't get into it! That's not security, that's, that's, um, er, that's inaccessibility. It's locked and the key has been thrown away.
"Considering the current situation, no action is required on the end user side. Once I receive an update from our Product Group, I will send an email to you immediately. Your patience is highly appreciated."
Good, I don't have to search to see when a fix is posted, they'll email me directly. I'm guessing the delay is because they have to somehow crack the security on the file in order to open it up. This should be interesting. As for my patience, well, I'm doing better than the folks screaming that they're going to move to Quicken, but I'm still in the land of annoyed. However, this is the first issue I've had in 5+ years of use, so I'm inclined to let them fix it and take steps (read 'backups') to avoid such a thing in the future. If it's not resolved by Sunday, though, I'll get annoyed again. 1st day of the month and all.
"Again, we sincerely apologize for any inconvenience and frustration this has caused.
"Best Regards,
"Jenny Zhou
"Microsoft Customer Support Services"
Good closing, appreciated. They've gotten much better since their canned response days. This probably still is one, but at least they hired an actual writer to edit them.
"They'll track us through our cars and computers. They'll track us through our phones and TVs. They'll even track us through our clothes. I'm not talking about the government. This will be a more insidious form of surveillance. Whether it's by placing cookies on our computers, uploading our TV viewing habits, inserting radio-frequency identification (RFID) chips in every product we pick up from retailers' shelves, or installing GPS devices in our cars, corporate surveillance will become a bigger reality in our everyday lives. So get ready to be monitored."
"Is it barely a generation since phones became mobile? Once the phone booth was the place where Clark Kent could protect his privacy. Now cell- phoners strip in public. City folks who long ago cultivated a way of avoiding eye contact are now supposed to avoid ear contact."
Struck a chord with me, figured I'd share. Yes, I'm guilty of this at times, but at least I feel bad when I'm doing it.
"Imagine you had a Web browser that said when you typed in a new address, "The Internet site you're about to visit is known to steal credit-card numbers and use them in unauthorized ways."
"Now imagine that you can actually use such an application today. It's already been developed and it's being distributed — free.
"The company behind this is Earthlink, one of the largest Internet service providers in the United States. The effort, known as ScamBlocker, is still in its early days, and its database of sites to warn users about is in its infancy. But the idea of fingering scam artists before they can do much damage is fantastic, and there's a very interesting tale behind it."
Great idea, I just wish it didn't have a toolbar or other extras that I don't want. Still, worth checking out and sending to those less net savvy.
"We are focused on protecting the privacy of our end users by providing multiple secure proxy gateways located around the globe. We use several layers of encryption and masking to protect your privacy on the web. Our service provides a secure gateway by which the subscriber can browse the web, chat, send files and even use peer to peer file sharing applications and yet still remain anonymous. Protecting yourself against unwanted intruders, hackers, thieves, and those that wish to obtain unauthorized access to computer has become a serious problem. We can help you by providing Internet anonymity."
"My sister (who's a brilliant manager and team leader) is looking for a new job. She showed me her résumé a few days ago, and there, in small print at the very bottom, were four words that appear on almost every résumé--and that are now irrelevant: 'References available upon request.'"
Good article about some positive benefits of leaving footprints on the WWW.
"With this add-in you can permanently remove hidden and collaboration data, such as change tracking and comments, from Word 2003/XP, Excel 2003/XP, and PowerPoint 2003/XP files."
The better way would be to PDF anything that you're publishing, but this tool will work for those that don't have that option.
"Since it looks like we're going to have to live with the Can-Spam Act -- or, as I prefer to call it, the 'Yes, You Can Spam Act' -- we might as well see what it's going to be like. Well, two days after Congress passed the law, I received my first spam purporting to be in compliance with it. So that gives us a place to start."
This new law isn't going to help, folks.
"Americans who are being asked to exchange privacy for the promise of security might want to look at Britain. In democratic nations, the balance between liberty and security is a delicate one. American officials would be wise to take note of the wave of indignation sweeping across Britain — or they could soon face a backlash of their own."
The article starts off discussing how Britons are starting to destroy traffic cameras, then offshoots into privacy concerns and Big Brother tactics.
"Just as Prohibition drove drinkers underground in the roaring '20s, the music industry's crackdown is pushing many song swappers away from the open Internet and into what amount to cyberspace speakeasies."
Not terribly surprising. Anyone want to invite me to one for research purposes?
"SunnComm Technologies, a developer of CD antipiracy technology, said Thursday that it will likely sue a Princeton student who early this week showed how to evade the company's copy protection by pushing a computer's Shift key."
These lawsuits get more and more ridiculous.
"More than nine out of 10 (92 percent) managers check up on their employees' use of e-mail and the Internet at work, according to a new survey of 192 companies by Bentley College's Center for Business Ethics."
Ouch. Odds are you're monitored, then. Another good reason to keep personal email separate from business.
"I usually don't say nice things about telcos. And I almost never say nice things about their lawyers. But here I'll do both: Kudos to the lawyers at Verizon and SBC for opposing the Recording Industry Association of America's request that the telcos compromise the privacy of their customers. Way to go, guys."
The constitutional smack-down at the heart of Do Not Call
"The debate over the on-again/off-again national Do Not Call list—created this year by the Federal Trade Commission, invalidated last week by Judge Lee West in Oklahoma, reauthorized by Congress a day later, invalidated again by a Denver judge, and launched nonetheless Wednesday by the Federal Communications Commission (without benefit of the actual list itself, which is still in the hands of the FTC)—boils down to the following thought game: Which should be more absolute, the constitutional right to be left alone in your home or the constitutional right to free speech? The 50 million Americans who signed up for the registry are of the impression that the former value is more compelling. Federal District Judge Edward Nottingham (who signed up for the registry, by the way) believes the latter should trump."
"President Bush on Monday signed legislation establishing the National Do Not Call Registry, and the Federal Communications Commission said it will start enforcing it Wednesday despite recent court rulings putting it on hold."
"Like, I suspect, many of you, I get a lot of spam. On weekdays, I average around 400 e-mails per day, many of them consolidated digests containing numerous postings to the discussion lists to which I subscribe."
I could have written that myself, as it describes my situation almost exactly. In fact, the open source software he ends up using, SpamBayes, is the solution I settled upon myself.
THE DMA COMMITS TO RESOLVE CONSTITUTIONAL AND STATUTORY ISSUES RAISED BY FEDERAL COURTS
“While at this time, it is uncertain what will happen on October 1 when the FTC’s no-call system is supposed to take effect, The DMA remains committed to respecting consumer trust and the wishes of all consumers no matter how those wishes have been expressed. Consumers must come first. We will listen to consumers.”
Omigod. So, in essence, you'll listen and not call people that don't want to be called, but you'll continue to sue for the right to call said people?
My head hurts. I'm definitely going low tech (and going off) on the first call I get after Oct 1, regardless of what happens in the courts.
"The fate of the Federal Trade Commission’s Do Not Call Registry appeared to be uncertain Friday, as the agency weighed its options to fight a federal court injunction barring launch of the anti-telemarketing list next week. Legal experts expect the U.S. Supreme Court to take up a Denver judge’s order, which sides with telemarketers’ arguments that their First Amendment rights have been violated. Ironically, when the do-not-call gets its day in court, the case will turn on a distinction made between commercial and non-profit telemarketing calls — a distinction the FTC included to avoid First Amendment issues."
Oh geez. So one judge blocks it on one set of grounds, Congress quickly works to legalize it, then another judge blocks it on another set of grounds! What the hell? I'm starting to think it'd be easier to just say "f__k off" and hang up!
"In a method for increasing peer privacy, a request for a data is received from a data requester and the data is stored at a data provider. A plurality of peers are selected to form a path, where the data provider and the data requestor are the respective ends of the path. A mix is generated according to the path and the mix is transmitted to the data provider."
In other words, secure and anonymous P2P software. Take that, RIAA!
"The House approved legislation Thursday aimed at ensuring the national "do-not-call" list goes into effect as scheduled next week so consumers can block many unwanted telemarketing sales pitches."
See? Politicians can work fast when they are so inclined.
"The do-not-call list is sidelined on a technicality, but it's not gone for good -- if you and the 50 million other Americans who signed up let your lawmakers know where you stand."
Use the article's provided links to let your congressmen know your opinion.
"A federal judge has ruled that the Federal Trade Commission overstepped its authority in creating a national do-not-call list against telemarketers. The ruling came in a lawsuit brought by telemarketers who challenged the list, comprised of names of people who do not want to receive business solicitation calls. The immediate impact of Tuesday's ruling was not clear."
I'll tell you the immediate impact: about 50 million people are going to be rather ticked off! Bad enough that it's only going to be about 25% effective, now we might not even get that. I say we submit the judge's phone number and those of all involved attorneys to the "call me constantly" list.
UPDATE: Here's the Judge's phone number, Judge West: (405) 609-5140. Be sure to express your outrage. Also, here's the body that sued on behalf of the telemarketers: American Teleservices Association: (866) 500-4272. Enjoy!
"Surprise! The FTC's hugely popular registry is expected to block just 25% of telemarketing. The rest is up to you."
I figured as much, although I had hoped for a little bit more. The "Private Citizen" group mentioned, now that looks promising. Might be worth the $20.
And we thought spam was getting bad now!
"Most telemarketers cannot call your telephone number if it is in the National Do Not Call Registry. You can register your home and mobile phone numbers for free. Your registration will be effective for five years." - You can also call 1-888-382-1222, but only from the phone you wish to block, as they use ANI (Automatic Number Identification, think Caller ID) to verify the number. That substitutes for the email address portion, which is only a verification step. I read the Privacy Policy on the site; they don’t associate the email address with the telephone number and, also, don’t share it. It’s just used to send the verification link, which is a randomly generated link.
I've been getting a ton of emails claiming to be from the Best Buy Fraud Department regarding an order I've placed. It asks me to click a link and then fill out some information, including credit card info and SSN.
Um, yeah, right. There are *so* many things wrong with that! Let's see: I haven't placed an order with BestBuy online in quite some time, the emails aren't from a BestBuy domain (in fact, they're pretty much all over the place), the embedded links don't point to BestBuy, there's no way in hell I'm going to respond to an unsolicited request for CC and SSN info, and so on.
Best Buy responded recently by sending an email to, apparently, every single email address they've ever stored/mined/received. Normally I'd say that's a bad thing, but in this case it is understandable, particularly with the disclaimer they put at the bottom.
However, they still did some things wrong, IMHO. Here is my response to the email, which I sent directly to Best Buy:
"How the Internet search engine Google is changing what we can find out about one another - and raising questions about whether we should. Michael is a clean-cut 34-year-old working in a professional job at a Boston medical school. You'd never know he did time for burglary and is a former drug addict. Well, actually, you would if you Googled him. Go to the Google.com home page and type in Michael's name (for obvious reasons, we are not including his last name here). That simple step produces more than 100 links to documents written by and about Michael. The search, Google proudly notes, takes just a 10th of a second." - This article discusses how search engines such as Google are changing the ways that we can find out information about others. Read (or skim, it's lengthy) the article, then go Google yourself. Sure, you've done it before, it's common enough, but this time do it as if you were a potential employer (or date) looking to find out your background.
Boston Globe Online / Magazine
"Walk softly and don't let anyone beat you over the head with your own stick. The "Mini-DMCA" laws that are pending in several states and passed in others, appear to be garnering more headlines lately. I talked a bit about the topic earlier this year, but I think it's important to bring it up again."
Randy Nieland of Lockergnome takes a good look at some of the pending "DMCA" laws that are working their way across the states. If you've only heard bits and pieces about this legislation, I suggest giving this a read.
And yes, I'm pretty much against them.
20030520 Lockergnome Tech Specialist (scroll about half way down)
"With all of our advances in security technology, one aspect remains constant: passwords still play a central role in system security. The difficulty with passwords is that all too often they are the easiest security mechanism to defeat. Although we can use technology and policy to make passwords stronger, we are still fighting the weakest point in any system: the human element." - When's the last time you changed your email password?
"Consider this scenario: you build a Web site that requires some kind of user log-in. You allow users to create usernames and passwords and require a valid username and password to get in to your site. But is your Web site authentication scheme secure? Every time I register at a site, I marvel at the consistently laughable - sometimes pathetic - security among even the world's largest Web sites. As the Web becomes more a part of our personal lives, the threat of fraud and identity theft grows accordingly."
Good article on Username and Password dos and don'ts for site designers. Worth reading by end users too, as security is everyone's responsibility.
This is a guy who leaves random feedback on eBay. On the one hand it’s very amusing; on the other, though, it’s rather concerning that someone is able to leave feedback to a seller with whom he never conducted business! I didn’t even know that was possible.
"SpamBayes with Outlook Addin - In an upcoming InfoWorld article, which will post next Friday and appear in print the following week, I review the SpamBayes filtering engine and Mark Hammond's brilliant Outlook addin. Thanks to this remarkable open source duo, I am ready to declare victory on spam." - As you might guess by the name, this filter uses Bayesian techniques. This is the same technique used by Outlook 2003 and I'm really starting to believe that this is the way to go in the fight against spam.
Anyway, glance at Jon's comments and follow the links to SpamBayes. I'll alert you when the full article posts.
Not surprisingly, the worst place to put your email address is on a web site or in a USENET newsgroup.
Why Am I Getting All This Spam?
Every day, millions of people receive dozens of unsolicited commercial e-mails (UCE), known popularly as "spam." Some users see spam as a minor annoyance, while others are so overwhelmed with spam that they are forced to switch e-mail addresses. This has led many Internet users to wonder: How did these people get my e-mail address?
Boy, if you thought the Digital Millennium Copyright Act (DMCA) was bad, take a look at this bill working its way through several state congresses. I encourage everyone to let their representatives know that this is a very very bad idea.
Adventure GPS Products - ATTI Shadow Tracker Jr.
The Shadow Tracker™ Jr. will passively record the travel information for each of your vehicles. This includes locations, time in traveling and at stops, and vehicle speeds. When the vehicle returns and you retrieve the Shadow Tracker Jr., simply connect it to your office PC and download all relevant travel information for your analysis and business records.
Designed to be concealed under the rear of the vehicle, the miniature-sized GPS-2 is a tiny computer housed in a weatherproof enclosure that rides aboard the vehicle telling you the exact whereabouts of the driver/vehicle, including the address of each destination (within 50'), names of streets traveled, how long the vehicle remained at each location, and if the driver was speeding.
They mention some scary stuff being developed. Skim the article and look at the embedded links. I'll feature a couple here.
George Orwell, here we come - Tech News - CNET.com
The biggest problem with criticism of Adm. John Poindexter's massive spy proposal is not in the argument over the system being so darn creepy.
Of course it's creepy. This new federal agency deliberately chose the motto "knowledge is power," crafted a logo certain to inspire conspiracy theories, and is itching to assemble a detailed computerized dossier on every American. And that a figure such as Poindexter--disgraced in the Iran-Contra scandal and with a database addiction dating back to at least 1987--is running the show is a detail worthy of a Jonathan Swift satire.