Facebook Scams: Not Out of the Woods

Facebook may have just won a theoretical warchest from a spammer, but it’s not put its house in order when it comes to scams. Indeed, I suspect they’re getting worse. Now you can get infected without even having to visit your Facebook account.

What happens is that, if you have set your profile to receive email updates when someone sends you a message on Facebook, these trojan scams actually make their way direct into your inbox. Facebook is just the vector:

Here’s a message, as it looks in Gmail:

image

Click on that link and it takes you, not to the Facebook message page, but straight to the dodgy website. In this case the website is still active. It will have a name like YuoTube:

image

and a YouTube-like interface:

image

The message in the ‘player’ says “Your version of Flash Player is out of date.” Without you doing anything the download window will appear:

image

Of course, if you install that you’re in trouble. But are you in trouble if you’ve already visited the page? I’m still working on that.
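As an added illustration (not code from the original post), here is one way a mail filter could flag a notification like the one above: it lists links that leave the sender's own domain and marks hosts that are a near-miss of a known brand, as "YuoTube" is. The brand list, the allowed domain and the sample message are constructed for the example, and `yuotube.example` is a placeholder host.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Brand label -> its real domain (assumed watch list for this example).
BRANDS = {"facebook": "facebook.com", "youtube": "youtube.com"}

# Constructed sample of a message-notification email body.
SAMPLE_BODY = """
<p>Sam sent you a message on Facebook.</p>
<a href="http://www.facebook.com/inbox/">Reply on Facebook</a>
<a href="http://www.yuotube.example/watch?v=1">Watch the video</a>
<a href="http://www.youtube.com/watch?v=2">Another clip</a>
"""


class LinkCollector(HTMLParser):
    """Collect the href of every <a> tag in an HTML email body."""

    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if tag == "a" and href:
            self.hrefs.append(href)


def registrable(host):
    """Naive last-two-labels domain; production code should use the Public Suffix List."""
    return ".".join(host.split(".")[-2:])


def osa_distance(a, b):
    """Edit distance in which swapping two adjacent characters costs 1."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[-1][-1]


def audit_notification(html_body, allowed=("facebook.com",)):
    """Return (href, reasons) for each link that leaves the allowed domains."""
    collector = LinkCollector()
    collector.feed(html_body)
    findings = []
    for href in collector.hrefs:
        host = (urlsplit(href).hostname or "").lower()
        if not host or registrable(host) in allowed:
            continue
        reasons = ["off-domain"]
        for label in host.split("."):
            for brand, brand_domain in BRANDS.items():
                # A near-miss of a brand name on a host that is not the brand's own.
                if registrable(host) != brand_domain and osa_distance(label, brand) <= 2:
                    reasons.append("lookalike:" + brand)
        findings.append((href, reasons))
    return findings


if __name__ == "__main__":
    for href, reasons in audit_notification(SAMPLE_BODY):
        print(href, reasons)
```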

The Undignified Death of Social Networks

I’m intrigued, and slightly depressed, at how social networking sites deteriorate so quickly into what are little more than scams. I think it started about a year ago, when a number of sites started pulling the stops out to build up membership.

Now, it seems, it’s all about the money. Take Quechup, for example, which has never had a very good reputation, though some say it’s undeserved. I don’t think anyone would try to argue that now.

I opened an account at Quechup about a year ago, and left it, with no friends, no connections, no activity (a bit like my real life.) I didn’t get anything until last month. In the past month I’ve received more than 30 messages. All of them from people I don’t know; all of them, from the subject line, spam:

image

So what’s the scam, then?

Well, if you’re fool enough to open one of these messages, that’s your limit. Suddenly your inbox looks like this:

image

The message is basically that you can’t open any messages until you upgrade your membership:

image 

Upgrading, of course, costs. Not a lot, but if you’re curious to find out who’s been scamming you, sorry, flirting with you, you have to cough up:

image

My question is this: Who is behind the spam in my inbox?

Admittedly, my profile is a bit provocative:

image

Still. One can’t help feeling that either the spam is being allowed by Quechup as a money-making exercise, or, the only other explanation I can think of, it’s spamming its members with silly messages in the hope they’ll be curious enough to upgrade and read them.

Either way, it’s a social network that’s dead from the neck up.

Sad, really.

Nightmare on Spyware Street

A case in Connecticut has exposed the legal dangers of not protecting your computer against spyware, as well as our vulnerability at the hands of incompetent law-enforcement officers.

Teacher Julie Amero found herself in a nightmare after spyware on her school computer popped up pornographic images in front of students. Instead of realising this was spyware at work, the state accused her of putting them there and forcing her pupils to watch.

In June of 2007, Judge Hillary B. Strackbein tossed out Amero’s conviction on charges that she intentionally caused a stream of “pop-up” pornography on the computer in her classroom and allowed students to view it. Confronted with evidence compiled by forensic computer experts, Strackbein ordered a new trial, saying the conviction was based on “erroneous” and “false information.”

But since that dramatic reversal, local officials, police and state prosecutors were unwilling to admit that a mistake may have been made — even after computer experts from around the country demonstrated that Amero’s computer had been infected by “spyware.”

It seems the nightmare may be coming to an end, but not without a price. She’s had to admit to one misdemeanour charge and surrender her teaching licence. She’s also been hospitalized for stress and heart problems.

The lesson? This was a school computer, and it seems the school failed to install the necessary updates and protection to prevent the spyware from loading itself. That’s probably something Amero should be exploring with her lawyers.

But there’s a bigger issue. We need, as individuals, to take more responsibility for the computers we use—to learn the basics of protecting them from attacks, and to be able to at least identify what the problem is when something like this happens. It may have taken a techie guy to clean the computer in this case (I admit spyware is really hard to get rid of) but knowing, roughly, what the problem is should be the bare minimum of our working knowledge of the computers we use.

Connecticut drops felony charges against Julie Amero, four years after her arrest – Rick Green | CT Confidential

Puppy Love, Army Trojans and Perfecting the Phone Call

I make an appearance on the excellent Breakfast Club show on Radio Australia each Friday at about 01:15 GMT and some listeners have asked me to post links to the stuff I talk about, so here they are.

Love on the net

Teenage social networking isn’t so bad, according to the MacArthur Foundation. According to the lead researcher on the project, called the Digital Youth Project, “their participation is giving them the technological skills and literacy they need to succeed in the contemporary world. They’re learning how to get along with others, how to manage a public identity, how to create a home page.”

The study, part of a $50 million project on digital and media learning, used several teams of researchers to interview more than 800 young people and their parents and to observe teenagers online for more than 5,000 hours.

The bit I like in the NYT report is the shameless flirting that goes on, cleverly disguised:

First, the girl posted a message saying, “hey … hm. wut to say? iono lol/well I left you a comment … u sud feel SPECIAL haha.” A day later, the boy replied, “hello there … umm I don’t know what to say, but at least I wrote something …”

U.S. Military Under Attack

Spooked by the rapid spread of a worm called Agent.btz, the U.S. military has banned everything from external hard drives to “floppy disks.”

USBs are a problem: Lenovo this week offered a software package to XP users with a Trojan dropper called Meredrop, found in one of the drivers.

And Telstra earlier this year handed out USB drives at a security conference that were infected with malware.

Could it be China?  The conclusions reached in this year’s US-China Economic and Security Review are far more dramatic than before. In 2007, it says, about 5m computers in the US were the targets of 43,880 incidents of malicious activity — a rise of almost a third on the previous year.

Much of the activity is likely to emanate from groups of hackers, but the lines between private espionage and government-sponsored operations are blurred. Some 250 hacker groups are tolerated, and may even be encouraged, by Beijing to invade computer networks. Individual hackers are also being trained in cyber operations at Chinese military bases.

 

How to Make the Perfect Phone Call

According to the UK Post Office, the perfect phone call should last nine minutes, 36 seconds and contain a mix of chat about family news, current affairs, personal problems and the weather.

Three minutes of that should be spent catching up with news about family and friends, one minute on personal problems, a minute on work/school, 42 seconds on current affairs and 24 seconds on the weather. Chat about the opposite sex should last 24 seconds. 12 seconds of every call should be set aside for a little quiet contemplation.

One in five people said they spent most time on the phone to their mother. The research, by the Post Office, revealed that the phrase “I’ll get your mother” is common. Only three per cent of people named their father as the person they spent most time on the phone with.

Susan042764

“Please help!,” she writes. “I took my husband’s iPhone and found a raunchy picture of him attached to an email to a woman in his sent email file. When I approached him about this, he admitted that he took the picture, but says that he never sent it to anyone.

“He claims that he went to the Genius Bar at the local Apple store and they told him it is an iPhone glitch – that photos sometimes automatically attach themselves to an email address and appear in the sent folder, even though no email was ever sent.

“Has anyone ever heard of this happening?,” she asks. “The future of my marriage depends on this answer!” Read more here.

Think Hard Before You Get Linked In

I’ve been trying to remove a contact on LinkedIn who proudly claims to be one of the best linked people on the planet. Why that’s a good thing I’m not sure, but I noticed I was getting LinkedIn spam—spam to my own email address, but coming via LinkedIn—from this person, so I tried to remove him.

Turns out that it wasn’t enough. This morning I got an email from another guy claiming to be the best connected person on the planet (“he is one of the most linked people in the world”) who said I had been referred to him by none other than the LinkedIn spammer guy I thought I’d removed eight months ago. He wrote:

If so, then please accept my connection request. Since I presently have over 8,900 first tier connections, I cannot send an invitation to you because I have exceeded my limit. Therefore, to connect with me and to benefit from the millions of total connections that I have, click here: [LINK DELETED] and enter my email address [EMAIL DELETED].

So what gives? How come someone I removed from my LinkedIn network is able to refer me to someone else who has somehow been able to get my email address despite not being my buddy, nor connected to a buddy of mine? I’m asking LinkedIn about this, but I also wanted to know what happened to the original spammer I’d deleted. Was he still in my system?

Turns out he is.

Removing a connection in LinkedIn is not, it turns out, the same as removing a contact. It seems to work like this (and I might be wrong, because the explanations on LinkedIn are contradictory.)

The FAQ says you remove a connection via the Remove Connections link:

image

which takes you to a separate list:

image

What you’ll notice about this list is that, unlike your Connections list, it’s not alphabetical. Well it is, in that you can jump straight to a letter (M, say) but within that list the contacts are not in sub-alphabetical order. A cynic would say this is an extra deterrent to connection-pruning, but I’m not a cynic so I won’t say that.

But you might notice this:

image

Huh? Good that the connection won’t be notified that they’ve fallen off your Christmas card list, but how come they’ll still be on my list of contacts? And how does it square with this other note, on the same page, that says:

Note that once this action is completed this individual will not be able to be added back as a connection.

So the person you’ve gone to all this trouble to remove will still be in your contact list—no way that I can see of removing them from there—but you can’t change your mind and then re-add them back as a connection. You can, however, re-invite them, and, indeed, they will remain in your contact list as a constant reminder.

(Just out of interest, how do you re-invite someone to be a connection who didn’t know you’d banished them before? How do you explain that, exactly? “Sorry, I hated you before, but now I don’t hate you anymore?” Could be a good lyric in there.)

Confused? So am I. But here’s the kicker: Does the fact that he’s still in my contacts, and that he’s out there, apparently, recommending me to other LinkedIn spammers, mean I’m still in the LinkedIn spammer’s list of connections?

I suspect it does, because he’s still in my list of connections (but not in my Remove Connections list, if you’re still with me) and he’s still listed as 1st in my list of connections—meaning we still have a connection.

In other words, unless this is a glitch, it is impossible to remove a connection from LinkedIn once you’ve established one.

I’m going to ask LinkedIn to shed light on this. But if it’s true, it should give you pause for thought before you accept a connection via the otherwise useful service. It’s one thing to build one’s network. It’s another to find you have no control over that network—and who in that network might use the information you put there—once it’s built.

The Lost World of Yahoo

This piece was written for a commentary on the BBC World Service Business Daily about Jerry Yang’s decision to resign as CEO.

Back in the early days of the World Wide Web there was really only one name. Yahoo. You could tell it was big because it was what you’d type in your browser to see if your computer was connected to the Internet.

Without fail: Yahoo.com. It’s been around since 1994, since Jerry Yang and David Filo, two grad students at Stanford, built a list of interesting websites, a sort of yellow pages for the Internet. They called it, first, Jerry’s Guide to the World Wide Web, and then Yahoo. By the end of 1994 it had a million hits. By 1996 it had gone public.

And, I reckon, it’s been slightly lost ever since.

Not that you’d know that from the figures. It’s the most popular website in the world. Nearly half that traffic is actually email, according to Alexa, a website that tracks this kind of thing. Nearly everyone on the planet, it seems, has a Yahoo email address.

But there’s also other stuff: search, news, auctions, finance, groups, chat, games, movies, sports. And Yahoo has been pretty consistent for the 14 years of its life: If you look at its homepage, the place where you’d land if you typed in yahoo.com, it wouldn’t look that different in 1995 to what it looked like in 2005. The familiar red Yahoo logo at the top of the page, a little search box, and then some links to directories.

But since then things have got more complicated. The guys at Google made a better search engine, so much so that their name has become a verb, a shorthand way of saying “look up something or someone on the Internet.”

That kind of left Yahoo behind. So far, I’ve not heard Yahoo used as a verb, or a noun, at least in a positive way. And Google also figured out how to make money from it, which stole another bit of Yahoo’s thunder.

But it hasn’t stopped there. Internet speeds have got faster. We’re now connected most of the time, via computer or cellphone. Upstart bloggers have toppled big media conglomerates. So now all the big players—Microsoft, Google, Yahoo—are not quite sure what they are: Media companies? Advertising companies? Software services company? A mix of all three?

So it’s no surprise that Jerry Yang has been unable to articulate what, exactly Yahoo itself is. If you’re not sure what your company is, never mind that you founded it, you shouldn’t be sitting in the CEO’s chair.

The truth is that there are two Yahoos. Ask an ordinary user and they’ll know about Yahoo. The email program. The instant messenger. The news portal. To millions of people Yahoo is comfortable and familiar.

Ask a geek and they’ll talk about another Yahoo: all the cool stuff the company engineers are doing. Pipes, which lets you mash data together in interesting ways. Fireeagle, that blends together information about where you are. And there’s the stuff they’ve bought that most people don’t even realise belongs to Yahoo: delicious bookmarks, for example, or Flickr photos.

People may be down on Yahoo right now, and the share price isn’t pretty. But it’s still a big brand, known around the world. And, despite their frustrations, beloved by many geeks.

One day someone will come along and find a way to package all this stuff together, or sell bits of it off. Then Jerry’s Guide to the World Wide Web will find its way again. It just doesn’t look like that person is going to be Jerry himself.

Pig Gelatin Proves Oswald Acted Alone

image

Advances in technology—specifically, in blood spatter analysis and crash test dummies—have been harnessed to prove that it was, in fact, Lee Harvey Oswald who killed JFK.

Blood spatter analysis has, apparently, been around for a while, but only recently has it gotten good enough to know what the spatter actually means. (More here, if you need to know and don’t mind pictures of spatter.)

Reconstructing the scene for a documentary by the Discovery Channel also involved another key piece of technology: the lifelike dummy. Technically they’re called ‘artificial surrogates’ and they’re made by an Australian company called Adelaide T&E Systems (motto: “engineering the world’s most biofidelic test platforms.” Biofidelic is a fancy word for lifelike.)

The Frangible Ballistic Heads (a great name for a band) are made from three different materials which simulate the brain, skull and external soft tissue (skin), which goes to make the spatter more lifelike. (The brain is made from gelatin made from pig skin and then dyed green, in case you’re trying your own Grassy Knoll reconstruction at home.)

The head was custom-fitted, based on JFK’s hat size. It was then attached to the company’s Hybrid III neck (“for improved response,” according to the website.) This is then attached to the company’s latest product, the Human Thoracic Surrogate, which can be fitted with “loadcells, accelerometers and pressure gauges to facilitate injury scoring,” according to Wesley Fisk, a partner at T&E.

They then brought in a bunch of scientists who did not know that they were investigating JFK, although the mock-up of the Dallas, Texas crime scene, complete with depository, grassy knoll (using real grass), etc, might have offered a clue. They were impressed by the Frangible Ballistic Heads. “The heads they used were quite interesting,” said one of the experts. “They were considerably more sophisticated than anything I’ve seen before.”

After the fake Oswald shot the fake JFK, they were asked to look at the spatter of all the green-dyed pig-gelatin. Turns out the key was the lack of back-spatter—the stuff that goes the opposite way you’d expect if you’d just shot someone in the head:

The general lack of back spatter and the preponderance of spatter in another direction are two of the clues, among others, that the investigators used to pinpoint the origin of the shots.

Conclusion: just one shooter.

PS: The program hasn’t aired yet, but already it’s being called ‘baloney.’ Unsurprisingly.

Illustration: T&E Systems

Obese Texters, Back to the Future, and Scams

I make an appearance on the excellent Breakfast Club show on Radio Australia each Friday at about 01:15 GMT and some listeners have asked me to post links to the stuff I talk about, so here they are.

Texting reduces obesity

If your kids are getting a little overweight, then treat them to a bit of texting. But it’s not quite how it sounds (I thought it might be something to do with the aerobic workout you get from the thumb twiddling.) No, a study by the University of North Carolina suggests that if obese kids are encouraged to keep a record of their eating habits via SMS, they are more likely to adhere to the health regimen—less TV, more exercise, less Coke—than those who just wrote down the same information. (Attrition rate was 28% against 61% for the paper diary kids and 50% for the control group.)

Part of this may be down to the fact that the kids get instant feedback via SMS on their results. So actually this is more about the interactivity of health regimes rather than the physical benefits of cellphones or texting. (Actually this whole SMS for health thing is quite a meme. Check out this conference here.)

The miracles of life in 2000—as seen from 1950

Popular Mechanics of February 1950 predicted a number of things, some of which have come true, some of which haven’t, and some of which should, if we got our act together.

What they got right

  • Highways broad without any curves
  • Doubledecked highways
  • soup and milk come in frozen bricks (but thought that cooking would be a thing of the past)
  • TV connected to the phone; but would buy stuff over the TV with store clerks holding the goods up obligingly for customers to inspect…
  • robots in factories, but controlled by punch cards
  • air travel would be frequent, but expensive because of jet fuel; rocket plane fare from Chicago to Paris would cost $5000

What they got wrong

  • Heart of the town is the airport
  • Clean as a whistle and quiet
  • Crime to burn raw coal
  • Illuminated by electric suns on 200 ft high towers
  • A house would cost only $5000 to build
  • Houses don’t last more than 25 years
  • Wash using chemicals that shave as well.
  • Dishes dissolve in superheated water, so no washing machines
  • Plastics derived from cottonseed hulls, Jerusalem artichokes and fruit pips
  • Clean the house by turning a hose on it; everything is synthetic fabric of waterproof plastic; drain in the middle of the floor
  • worried by mass starvation, scientists came up with food from sawdust, table linen and rayon underwear converted into sweets
  • ‘calculators’ would predict the weather
  • storms diverted
  • no one would have gone to the moon—yet…

What I wish they’d gotten right

  • Used underwear recycled into candy

Scam lady

Janella Spears, nursing administrator in a place called Sweet Home, Oregon, who practices CPR and is a reverend, has given $400,000 to scammers. She got letters from President Bush, the president of Nigeria and FBI director Robert Mueller. Wiped out husband’s retirement account, mortgaged the house and took out a lien on the family car. Everyone told her to stop but she didn’t.

This is the problem with scams; it’s very hard to accept you’ve been scammed, and so perversely it’s easier to continue giving money in the belief that it will all come good.

Pocket Keys

A team at UCal San Diego have come up with software, called Sneakey, that can take a picture of a key and convert it to a bitting code, which is enough for a locksmith to make a new key:

  1. The user provides point locations on the target key with a reference key as a guide.
  2. The system warps the target image into the pose of the reference key and overlays markings of where the bite codes are to be found.
  3. The user specifies where the cut falls along each line and the bit depths are decoded by the system into a bitting code.

In one experiment, the Sneakey team installed a camera on their four story department building (77 feet above the ground) at an acute angle to a key sitting on a café table 195 feet away. The image captured (below) was correctly decoded.

They’ve not released the software but say it would be pretty easy to put together.

Video Chat in Gmail

image

I’m a big fan of Google Talk (Gtalk) but hadn’t come across this before: Videochat inside the Google Talk widget inside Gmail. Does it get any better than this? (Probably, but this works pretty well. Great for those guys not using Windows, and therefore unable to use the great Gtalk client.)

Automating Your Relationships

image

It’s not for me, but there’s a certain unerring logic about SocialMinder: instead of leaving your social and business relationships to be tended by natural forces, why not automate them?

SocialMinder offers just that, by mining your LinkedIn and Gmail address books and notifying you when you last contacted that person. (This is called monitoring the health of your relationships.) It not only does that; it will dig out some news item related to the person in question—or from the organisation they work for, and prepare an email for you. Something like this:

image

which reads:

Hi Wicak;

I was thinking about  you the other day, and then I saw this and had to ask how/if this impacts you..

ACES Int'l Certification Programs: Certified Utility Locator …
Here is the link:
http://www.acesinternational.org/

Hope that you all are well…

Talk with you soon…

Needless to say, should I send this to Wicak he would be highly surprised as that’s not the way I talk to him (not enough insults and expletives), and the fact I’m pointing out his organisation’s own website to him might give him pause to wonder whether continuing our friendship is a good idea.

Some early thoughts:

This kind of thing occupies an odd space in the social/business networking pantheon. On the one hand, we all know there’s a lot of dodginess about networking. It’s all about back-scratching, and what-can-you-do-for-me about it all. But it still needs to be civil, and at least a pretence maintained that there’s more to it than naked mutual exploitation (actually, put like that it sounds quite fun.)

So how to monitor and nurture those relationships without putting in the effort that real relationships require? Hence SocialMinder (I suspect a better name would be SocialMiner without the ‘d’.) It’s pretty well executed, of course, and perhaps there are instances where this kind of approach might be useful.

But all SocialMinder really does is to remind you that relationships aren’t about quantity, they’re about quality. Even business ones.

Everyone on LinkedIn knows—I assume—that they’re on there because they want to make use of other people’s networks. These networks, actually, don’t really exist. They’re just a bunch of names, loosely tied, as Mr Weinberger might put it. It’s not that LinkedIn is not useful, but it’s not because we’re constantly sending our LinkedIn buddies emails about their company’s activities. It’s because we can use those loose connections to hear about jobs, or put out requests, knowing that it’s going to people who accept such emails as part of the networking process. Call it a kind of ‘business spam opting in’.

So, sadly, I don’t think SocialMinder will catch on. Indeed, you might argue it marks the apogee of the social networking trend. If we need to rely on software to direct our relationships then, I suspect, we’ve either entered another dimension from which there’s no turning back, or we’ll realise the limits of the medium and start to focus on the people behind the nodes.