A New Way To Foil Keyloggers?

PC Tools has released a new version of Spyware Doctor, 3.2, with what it calls “groundbreaking Keylogger Guard technology that protects users from identity thieves”. A press release says:

Existing solutions can allow keylogger threats to run undetected for weeks or months by which time the damage is already done. Spyware Doctor 3.2’s Keylogger Guard detects and removes keylogger threats in real-time before they are able to steal personal information.

It does this by looking at “behavior rather than signatures…. Keylogger Guard detects the behavior immediately, blocking keyloggers from installing on the user’s system and protecting customers right away, not weeks or months too late.”

Sounds interesting, although I’m not sure it’s exactly groundbreaking. Or is it? A trial version of Spyware Doctor 3.2 can be downloaded at www.pctools.com and costs $30.

What’s The Difference Between A Search Engine, A Search Destination And A Portal?

LookSmart has today unveiled some more focused search engines, according to a press release from the company:

It calls them ‘vertical search destinations’ to ‘provide niche audiences with essential search results, versus the typically exhaustive returns from other search engines’:

Two additional resources are dedicated to parents:

Here’s LookSmart’s philosophy: “LookSmart believes that search on the Web will become increasingly vertical and personal. Consumers turn to the Web in search of essential content, be it related to a hobby, work or education,” says Debby Richman, senior vice president of consumer products for LookSmart.

The idea is to ‘tightly integrate’ these engines, or ‘destinations’ (kinda blurs the distinction between a search engine and a portal, eh folks?) via Furl, LookSmart’s consumer online filing cabinet. I’m not quite clear how that tight integration is going to work, but it will be interesting to watch.

News, And Tumbling Words

An interesting way of looking at news: 10×10 / 100 Words and Pictures that Define the Time / by Jonathan J. Harris:

Every hour, 10×10 scans the RSS feeds of several leading international news sources, and performs an elaborate process of weighted linguistic analysis on the text contained in their top news stories. After this process, conclusions are automatically drawn about the hour’s most important words. The top 100 words are chosen, along with 100 corresponding images, culled from the source news stories. At the end of each day, month, and year, 10×10 looks back through its archives to conclude the top 100 words for the given time period. In this way, a constantly evolving record of our world is formed, based on prominent world events, without any human input.

It’s an intriguing, and surprisingly moving, glimpse of world events (especially if you look at something like the tsunami — the pictures, even as thumbnails, are harrowing, and the key words tumble down the right hand side of the screen like billboards at a wake).

It doesn’t help us learn the news very much, but it somehow puts it in perspective. And, despite the large number of small thumbnails, you somehow know what it is you’re looking at. I don’t want to sound too arty here (too late — Ed) but I’m a fan of anything that makes us see the daily digest of depressing news in a way that cuts through our defences a little.

(Thanks, David.)

OK, That’s Enough Bluetooth Monday Jokes

One of my favourite bands from the early 1980s, New Order, are promoting their upcoming album, Waiting for the Sirens Call (due to be launched this coming week), via Bluetooth. They are displaying, in the words of Engadget:

digital interactive posters offering song clips, ringtones and photos that can be beamed directly to fans’ cellphones. The posters use both infrared and Bluetooth to send the data directly to phones, bypassing network charges to fans or to the band’s label, and making New Order the first group to hand out free music clips direct to cellphones.

The service is, I believe, provided by a company called Hypertag, which spells out its vision on its website: “We have a vision that every advertising poster or marketing display will be tagged with a Hypertag. This will enable consumers to engage and interact with your brand.” The company tried the tags out last November on London Transport posters that allowed users to get a phone number for safe travel information beamed direct to their mobile phones.

As Forrester Research points out, this innovative promotion underlines the opportunities that connected devices present; gives another (temporary) boost to the Bluetooth standard; and demonstrates that operators are continuing to struggle to drive network data traffic.

There’s an account of how well it works by Robert Price here, along with a picture. An interesting feature of this, and a reason why I don’t think this kind of thing will catch on, is in the message on the bottom of the poster: “Please be vigilant when using your mobile phone in public places.” For it to work via Bluetooth, you have to stand near the poster and switch Bluetooth on. Then you’ll get a message asking if you want to receive an incoming Bluetooth connection. Say yes and you get the ringtone, but you don’t need to be Bruce Schneier to figure out how this could be abused.

Bluetooth seems like a good way of doing this kind of thing, but the security implications are stronger than the commercial benefits, I believe. Set your Bluetooth to ‘always available’ at your peril.

Sparking The Wi-Fi Revolution

Glancing at the charts on JiWire’s new-look website of the top 10 Wi-Fi countries and cities, I wondered whether it was worth taking a closer look at the figures to see if there are any conclusions we could draw about the wireless revolution.

The figures only include those commercially available hotspots, as far as I can figure out. But they’re still interesting. In sheer numbers London is way ahead with more than 1,200 hotspots, followed by Tokyo (904) and New York (851). But all these cities are different sizes. How about hotspots per capita? Taking populations of the metropolitan areas of these cities, things look a bit different.

If the figures are correct, then Paris has by far the most hotspots, with about 35 per 100,000 people, followed by London with about 17 and Singapore with just under 16. Of U.S. cities, Chicago comes out ahead of New York and San Francisco.

Aware that by looking at metropolitan areas only these results may be distorted a little, I looked at JiWire’s country figures. The U.S. is way ahead in terms of numbers, with more than 24,000 hotspots. The UK has less than half that, with Japan the only Asian country putting in an appearance in the top 10. But what about when the ‘Hotspot Per 100,000 People’ rule is applied?

Once again things look different. Switzerland, with only 1,300 hotspots, has more than 17 per 100,000 people, which is about the same level of access Londoners have. Indeed, the whole of the UK appears to be pretty well provided for: With nearly 10,000 hotspots, there are more or less the same number of hotspots per 100,000 throughout the country as there are in the capital. Elsewhere the picture is less impressive: The U.S. falls into third place with exactly half the ratio of hotspots in the UK, with Germany, France and Australia trailing behind. Japan, with less than two hotspots per 100,000 people, is clearly not worth traveling around with a Wifi laptop, and neither are Italy and Spain.

And finally, without wanting to be biased, the ‘country’ chart doesn’t include Hong Kong and Singapore, both of them separate administrative entities that happen also to be cities. Given that, they both put in a good performance in the ‘country’ chart too, with Singapore coming only slightly behind Switzerland and UK and Hong Kong roughly on a par with Germany.

Conclusion? Looking for a Wifi-friendly place to live outside the U.S.? Try the UK or Switzerland in Europe, and Singapore in Asia.

Phishing Your Yahoo! Account

More evidence that phishers are widening their net. Munir Kotadia of ZDNet Australia reports that Yahoo’s free instant-messaging (IM) service is being targeted by phishers in an attempt to steal usernames, passwords and other personal information.

Yahoo confirmed on Thursday its service was being targeted by a phishing scam. According to the search giant, attackers are sending members a message containing a link to a fake Web site that looks like an official Yahoo site and asks the user to log in by entering their Yahoo ID and password.

The scam is convincing because the original message seems to arrive from someone on the victim’s friends list. Should the recipient of the phishing message enter their details, the attackers can gain access to any personal information stored in their profile and more importantly, the victim’s contact lists.

The bigger point about this is that any kind of password may be enough for the phisher. With Yahoo! the successful phisher may be able to get quite a lot of personal data for a future social engineering attack, and may even be able to access payment details such as addresses from within the profile. A phisher could also access the user’s Paypal account, redirect shipments, learn about the user’s investments, impersonate the user in auctions, etc. I’m not sure whether the phisher could access credit card details, but it’s feasible, I guess.

Where Did That Email Come From?

An interesting new tool from the guys behind the controversial DidTheyReadIt?: LocationMail. (For some posts on DidTheyReadIt, check out here, here, here and here.)

LocationMail tells you where e-mail was sent from. It uses the most accurate data in the world to analyze your e-mail, trace it, and look up where the sender was when the message was sent. Find out where your friend was when she e-mailed you, or where a business contact is really writing from.

LocationMail integrates seamlessly into Outlook or Outlook Express; once installed, it shows you location information next to each message. LocationMail shows the City, State, Country, Company, ISP, and Connection Speed of the sender.

Installs painlessly into Outlook but crashed my Outlook Express. In Outlook a popup window appears with details of where the email was sent from, including the company, location, connection type, domain and IP address. LocationMail does this by using what it thinks is the IP address of the sender and running it through data from DigitalEnvoy and IP registrars. (A fuller explanation is here.) The makers hope to target a range of customers:

With phishing and other forms of Internet fraud becoming more and more problematic, LocationMail protects you from e-mail based frauds. The program can tell you if an email you seemingly received from your local bank was actually sent from a location half way around the globe. By instantly tracing the source of your emails, LocationMail helps keep you safe from identity thieves. LocationMail lets you identify and eliminate fraudulent transactions from eBay and other Internet-based auction houses.

LocationMail protects companies who accept orders by email. Credit cards are regularly stolen from people in affluent countries, and used for placing online orders by criminals from other countries. By telling you an email’s origination location, the program helps you detect fraudulent inconsistencies.

Whether you’re a business person who wants to keep track of the demographics of prospects and customers, a manager who wants to ensure that incoming email addresses are legitimate and consistent, or a home computer user who is curious about where friends are e-mailing from, LocationMail has the tools that you need.

It costs $30. Another program that does something quite similar is eMailTrackerPro, which will also identify the network provider of the sender, including contact information for abuse reporting, and uncovers the ‘misdirection’ tactic commonly used by spammers. Of course, LocationMail may not help that much, since legitimate emails might not, in Internet terms, originate from the place where they should. But it does a pretty good job and is useful if, say, you’re not sure whether an email is spam or not (it does happen): the fact it originated in Seoul should provide a clue (unless you know lots of people in Seoul, of course).

And most importantly, this isn’t an invasive technology.
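The caveat in the post above, that LocationMail works from "what it thinks is the IP address of the sender", comes down to which Received header a tracer believes. As an added example (not LocationMail's code and not part of the original post), this Python compares the bottom-most header address with the address recorded by the recipient's own mail server; the message, host names and addresses are constructed, and `own_hosts` is an assumed set of relays the recipient controls.

```python
import ipaddress
import re
from email import message_from_string

# Constructed sample (documentation address ranges), not from the original page.
# Each relay prepends its own Received header, so the top one is the newest.
SAMPLE = (
    "Received: from relay.isp.example (relay.isp.example [198.51.100.7])\n"
    "\tby mx.recipient.example with ESMTP; Mon, 21 Mar 2005 10:00:03 +0000\n"
    "Received: from [10.0.0.5] (dsl.isp.example [203.0.113.45])\n"
    "\tby relay.isp.example with ESMTP; Mon, 21 Mar 2005 10:00:01 +0000\n"
    "Received: from bank.example (bank.example [192.0.2.1])\n"
    "\tby mail.bank.example with SMTP; Mon, 21 Mar 2005 09:59:00 +0000\n"
    "From: Your Bank <service@bank.example>\n"
    "\n"
)
LOCAL_NETS = [ipaddress.ip_network(n) for n in
              ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]
HOP_RE = re.compile(r"from\s+(?P<src>.*?)\s+by\s+(?P<by>\S+)", re.S)
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def _routable(text):
    try:
        ip = ipaddress.ip_address(text)
    except ValueError:
        return False
    return not any(ip in net for net in LOCAL_NETS)

def hops(raw):
    """Return [(recording_host, peer_ip_or_None)], newest hop first."""
    out = []
    for value in message_from_string(raw).get_all("Received", []):
        m = HOP_RE.search(value)
        if m:
            ips = [i for i in IP_RE.findall(m["src"]) if _routable(i)]
            out.append((m["by"].lower(), ips[-1] if ips else None))
    return out

def naive_origin(raw):
    """Bottom-most address: the answer if every header is believed."""
    found = [ip for _, ip in hops(raw) if ip]
    return found[-1] if found else None

def verified_origin(raw, own_hosts):
    """Peer address recorded by the last hop in the unbroken run of own relays."""
    origin = None
    for by, ip in hops(raw):
        if by not in own_hosts:
            break
        origin = ip or origin
    return origin
```

On the sample, `naive_origin` returns 192.0.2.1, an address supplied by the message itself, while `verified_origin(SAMPLE, {"mx.recipient.example"})` returns 198.51.100.7, the only address the recipient's server actually observed.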

Skype Me And A Return To Innocence

Great piece today in The New York Times: ‘Internet Phone Service Creating Chatty Network’ on the openness of Skype users using the SkypeMe function to chat, and be chatted to, by strangers with only a nice chat in mind:

Skype users report unsolicited contacts every day, and contrary to such experiences with phone and e-mail, the calls are often welcomed.

As the author Ethan Todras-Whitehill points out, it’s like putting the clock back but with better features:

It felt like the early days of AOL, another environment in which people contacted others randomly. But voice brings to life the other person in a way that typing cannot, like hearing Mr. Einkamerer laugh at my jokes. The instant-messaging environment is anonymous; with voice, you cannot hide from the other person.

Must confess I haven’t done it, but I think I’ll try. During the short window when it won’t be abused by sleazeballs, marketers and scammers, it might be a nice way to meet interesting new folks.

Your MP3 Player As Your Phone

I’m not convinced that this gadget is exactly the wonder it claims to be, but it’s an interesting fusion of functions. The soon-to-be-launched Ezmax MP3 Player includes a VoIP feature that, in the words of PC World’s Paul Kallender:

when the device is linked to an Internet-connected PC via a USB 2.0 port, people can make local and international calls using a microphone that is included in the device’s earphone cord.

I must confess I share some of the skepticism expressed about whether this is a breakthrough product or a gimmick. But there are some interesting elements here that perhaps merit a closer look:

For one, this represents an interesting variation on the idea of a USB application drive, where you keep the programs (and not just the data) that you need on a portable drive. (Here’s a discussion of the issue and some examples.) In this role the EZMP-4200P is simply working as a portable application device.

But there’s also the built-in microphone, which illustrates how the quality of recording, both in terms of input (the microphone) and storage (compression, sampling), has improved. I’m still using my Olympus DM-1 to record interviews but this is old, expensive and stale technology. It would be much better to have the same capability on a key drive (or, as some people do nowadays, their cellphone. iPods are an option, but an extra load.) The existing EZMP-4000, for example, already lets you record your lectures or conferences for up to a maximum of 18 hours (on a basis of 256MB) through a built-in high efficient mike. The USB drive as a good digital recorder. That’s pretty much all a journalist, writer, academic or whatever needs.

Then there’s the idea of identity on a stick. The EZMP-4200P, according to the article, would contain details of the VoIP accounts held by the user, and, while of course it needn’t serve an actual authentication role, it could. Carry your USB drive around, just plug it into an Internet-connected PC and all your VoIP accounts synchronise, just like your email, capturing voicemail, letting you make calls etc. Your USB drive would be like a SIM card: Just yours.

So maybe the EZMP isn’t that great a leap in itself, but it’s a sign of the opportunities that USB drives could provide.

The Vulnerability Of VoIP

Listened to an interesting talk by Emmanuel Gadaix of the Telecom Security Task Force at the Bellua Cyber Security Asia 2005 conference in Jakarta. Emmanuel spoke of the security threats to mobile telephony, and while he pointed to the weakness of SS7 signalling — the part of mobile telephony where networks talk to one another — he feels the real threat will come from VoIP. Of Signaling System 7, Emmanuel says: “determined hackers could close down a whole country’s mobile phone network”.

But he was more concerned about VoIP. With many smaller vendors pushing out VoIP services into an already bustling market, vulnerabilities abound: “A lot are still at the beta stage,” he says, “so there will be problems.” And while he stressed that he had noticed that VoIP providers were more aware of security issues than their traditional counterparts, the threat was a significant one. “Full IP telephony will eventually happen,” he says. “And telcos must learn to prevent future threats. You will not be able to ignore them.”

The kind of threats: Denial of service or quality of service attacks, interception of voice traffic, injection of voice traffic (such as SPIT, or voice spam), anonymous and untraceable calls, etc. etc.