Tag Archives: Internet Service Providers

The Source of the Malware Scourge

Despite appearances, the U.S. is still the most popular place for the bad guys to place their malware code.

StopBadware.org has listed those Internet Service Providers that wittingly or unwittingly host “badware” — an umbrella term for any kind of software that insidiously installs itself on your computer. What’s interesting is that while there is one Chinese company on the list, by far the biggest culprit is one iPowerWeb Inc, based in Phoenix, Arizona, which has more than 10,000 infected sites on its servers. (By comparison, the next biggest culprit has a quarter of that.)

Badware is usually installed on a site without the owner’s knowledge, either by exploiting holes in the software that delivers content to the site or by hacking into the site, whether by guessing the owner’s password or by making use of a hole in the server software. Victims unwittingly download the badware either by visiting the website in question or by being directed there from other websites which have been infected. Here’s a case of a fake MySpace page which lures victims to an iPowerWeb-hosted site where users give up their MySpace password. Interesting detail on how these work is here.

iPowerWeb appears to have a long history of attracting accusations that it doesn’t take this kind of thing seriously. Examples are here, here and here (from two years ago). So far there’s no press statement from iPowerWeb on its website; I’ve requested comment.

The sad thing here is that when Google and organisations like StopBadware find these hacked sites, the sites are flagged and removed from Google searches, or else prefaced by a warning page. While this makes sense, it causes mayhem for the owners of these sites, who are either not technically savvy enough to resolve the problem, or find themselves in limbo while they wait for their site to be removed from the list after they’ve cleaned it up. A recent discussion of the problem on the stopbadware Google Group is here. (StopBadware says it will respond to appeals within 10 days and says the time is closer to two.)

One can only imagine the scale of the mess caused by all this. Hosting companies need to be smarter about monitoring this problem or they’ll face declining custom or lawsuits.

The “Danger” of Wikipedia: “volunteer vandals with poison-pen intellects”

An interesting piece in Editor & Publisher on The Danger of Wikipedia quotes a USA Today piece written by John Seigenthaler, a retired journalist who served as Robert Kennedy’s administrative assistant in the early 1960s, who says that a very personal experience has convinced him that “Wikipedia is a flawed and irresponsible research tool”:

Seigenthaler writes that a “biography” on the site posted by an anonymous author libeled him when it offered the following unsourced statement: “For a brief time, he was thought to have been directly involved in the Kennedy assassinations of both John, and his brother, Bobby. Nothing was ever proven.”

As the founder of the Freedom Forum First Amendment Center at Vanderbilt University, Seigenthaler is not known to be an advocate of restricting the right of free speech.

Indeed, it’s hard to understand why Seigenthaler’s alleged role appeared in his biography. I could find no reference to him at all in the JFK books I have, and there’s nothing, at least obviously, online about it. Clearly it was a deliberate piece of falsification, and, to Wikipedia’s credit, it has investigated the case. The point made there is that there isn’t much one can do about chasing down vandals working via Internet Service Providers “with providers who use proxies and dynamic IP addresses to give their users complete anonymity.”

That’s not enough for Seigenthaler, and the story relates his frustration in trying to find out who had libelled him, and Wikipedia comes in for a bit of a pounding:

Seigenthaler disputes Wikipedia founder Jimmy Wales’ assertion that the site’s thousands of volunteer editors operate a quick self-correcting mechanism. “My ‘biography’ was posted May 26. On May 29, one of Wales’ volunteers ‘edited’ it only by correcting the misspelling of the word ‘early,’” Seigenthaler writes. “For four months, Wikipedia depicted me as a suspected assassin before Wales erased it from his website’s history Oct. 5.”

Seigenthaler concludes with the following: “And so we live in a universe of new media with phenomenal opportunities for worldwide communications and research — but populated by volunteer vandals with poison-pen intellects. Congress has enabled them and protects them.”

Well, yes. In a way I can appreciate his frustration (and you wonder how many more libels there are out there in Wikipedia-land). But I fear he overreacts. The fact that there were no edits of the page for four months — and that it took him four months to find it, or for someone to point it out to him — has more to do with how little the page was read, I suspect, than with the invidious nature of the enterprise. I’m not saying that things couldn’t be improved — indeed, according to a poster on Slashdot, some improvements are in the works in the field of validation — but I think it’s harsh to say the universe is “populated by volunteer vandals with poison-pen intellects”. Peppered with, dotted with, sprinkled with, scattered with, speckled with, strewn with; perhaps. But overall the sum of human knowledge is significantly increased by the volunteers of Wikipedia.

The Secret Behind Google’s Success: The Instant Massage

Google’s profits are indeed impressive, and if my local newspaper (no link available, I’m afraid) is right, it’s clear why: the company is offering a service no right-minded person could refuse:

But the introduction of new products, such as instant massaging, and upgrades to existing services, such as mapping, helped Google attract more summer traffic than anticipated, executives said during a conference call yesterday.

This seems to have emanated from an AP story, carried by The Seattle Times and Canoe Money, both of which either fixed the typo or else didn’t create the error (no way of easily telling whether the error was in the original copy, or whether my local paper ran an ageing spellchecker over the word to create the fluff.)

Instant massaging is actually not that uncommon. 3G UK’s JustYak Chat “brings the popular Internet Instant Massaging to the mobile world” (a press release that hasn’t been fixed in two and a half years. Does no one proofread these things?) In fact Google offers “about 535” entries for instant massaging, only one or two of which seem to deliver what they promise. (IWantOneOfThose.com points to the USB Massager, which I’ve long touted as a serious peripheral.)

In fact instant massaging has a pedigree. It throws up 27 matches on Factiva, including this comment from Charles Gibson on ABC Good Morning America on June 20 (sorry, no links for these as Factiva is a subscription only service. You’ll just have to take my word for it):

Are cell phones, instant massaging, and multi-tasking giving us all Attention Deficit Disorder? Yes, is the answer.

I can well imagine. Instant gratification always was the enemy of concentration. Or this from the UK’s Birmingham Post on Nov 17 2004 in its Anniversaries section, which goes some way to explain why British workers are using more paper, but still leaves us wanting to know more:

2001: A study showed that paper consumption in British offices had increased by 40 per cent with the advent of emails, faxes and instant massaging.

Then there was the report of a local man exactly a year earlier in the Providence Journal arrested for online harassment, or “cyberstalking”. The paper explains:

Cyberstalking is a misdemeanor charge that involves harassment via e-mail or instant massaging, according to the state police.

Indeed. People leaping upon strangers in public and on the Internet, delivering instant backrubs should definitely be stopped before it gets out of hand. (Sorry.) But then again, maybe this explains AOL’s difficult times. Back in August 1999, according to CNNfn’s Moneyline, AOL was doing its bit to make online a more pleasurable place to be, as a transcript of the show has host Stuart Varney explaining:

America Online is pushing to make its popular instant massaging feature an Internet standard. And in the process, out-muscle Microsoft. For the first time, AOL will let other Internet service providers use the massaging systems: EarthLink and MindSpring. The deal lifted shares of Earthlink 4 1/2. Mindspring rallied nearly three. And AOL edged up nearly a dollar.

Only a dollar? Microsoft clearly lacked the technique and strength necessary to make backrubs an Internet standard. EarthLink and MindSpring (the names carry different connotations now, knowing they were focusing as much on massages as messages) clearly were 100% behind this initiative.

One can’t help but wonder, though, what the transcribers and stenographers made of what they were writing when they wrote ‘massaging’ rather than ‘messaging’; take, for example, this transcript from September 1998 Congressional Testimony by John Bastian, Chief Executive Officer of Security Software Systems, a company offering “computer software solutions designed to protect children on-line”. His testimony on the dangers of life online was otherwise impeccably recorded by the Congressional stenographer, except this bit:

Thousands of explicit web sites exist with millions of pages of pornographic material. Most are easily accessed by a few clicks of a mouse. But sites are only a portion of the sexually explicit areas. E-mail, chat rooms, news-groups and Instant massaging can be virtual playground for the sexual predators and pedophiles.

Makes the Internet sound an even scarier place than it already is. Maybe we’re better off that AOL failed in its vision, and that Google may not, after all, be reaping huge profits from instant physical therapy.

Dialer Scams And Heads In The Sand

I can’t help feeling that telephone companies and Internet Service Providers are in real danger of legal action if they don’t tackle the problem of modem dialing.

This NBC5 story from Chicago quotes a local woman as complaining about a series of weird calls to her phone company, SBC. The answer: “They didn’t know too much about it. They said, ‘Well, you might want to check with your Internet provider,’” the customer recalled. Her ISP, AOL, wasn’t any more helpful. “The person said basically there was nothing they could do; these charges were not coming from them, therefore, they can’t credit us, they can’t help us,” the customer said.

Phone companies and, to a lesser extent, ISPs, can’t stick their heads in the sand on this. They mustn’t palm off customers with stupid answers, and they must themselves investigate the companies behind these scams. If they don’t, class action suits are bound to follow.

Marketers Baffled By Spam Laws

This new spam law, so far, is taking us nowhere.

A new survey conducted by email marketing service Blue Sky Factory reckons that nearly half of email marketers aren’t sure whether the stuff they send out is compliant and more than half admit that they do not understand the new U.S. laws (called, catchily but inaccurately, CAN-SPAM). Marketers, needless to say, aren’t happy: almost 40 percent do not believe the new laws will have a positive influence on the online relationship between businesses and their consumers. (A PDF version of the survey is available here.)

This seems to be the prevailing view at a conference in San Francisco, where WIRED reports that a lot of folk are nervous, since the law carries heavy penalties not just against marketers but against the folk selling the product they’re peddling. This may be no bad thing, of course: The story quotes someone from dating site Date.com as saying his company now has “a strict policy on privacy and bulk e-mailing” in place. Others complain that the law gives too much leeway to Internet Service Providers to block stuff that looks like spam, so they find that their emails are getting stopped even when they’re complying with CAN-SPAM.

Nowhere, so far, is mentioned the alternative: RSS. To me it seems a logical step. RSS feeds don’t get blocked, control over receiving or not receiving is in the hands of the reader, and it’s cool. Get with the program, email marketers.

Zone Labs Snapped Up – Firewalls R Us?

My favourite firewall, Zone Alarm, is being bought by another firewall maker, Check Point Software Technologies [CNet News.com].

It looks to me as if there’s quite significant consolidation within the security software industry, not just from the point of view of big guys buying the smaller guys, but of companies trying to create products that offer an all-round ‘security solution’. Symantec have long peddled this type of idea, but their 2004 embodiments have increased the coverage to include cutting out spam, spyware and even pop-ups. With Check Point focusing on server-side software it makes sense that they grab Zone Labs, whose strength is software for desktops and notebooks.

Expect to see software companies trying to push more integrated software that offers this kind of overall solution to corporates and to ISPs. While it obviously makes sense for companies to farm out these kinds of problems — viruses, spam, any kind of disrupting influence on their networks — to single companies, Internet Service Providers will doubtless see a market to sell something similar to the individual user, keeping such rubbish out of their inbox and away from other subscribers.

My only worry is that such ‘packaged solutions’ may not offer the best individual component: Just because a company makes all the products you need, doesn’t mean they’re all great. I use Norton Antivirus but stick with Zone Alarm because it tells me more about what’s going on.

News: The RIAA Are After You

If you’re in the U.S., and have ever used Grokster, KaZaa or another file sharing program to download mp3 files, expect a call. The RIAA are out to get you, and they don’t care whether you’re a granny. According to Associated Press, one 50 year-old grandfather in California was shocked to learn this week that the RIAA had subpoenaed his ISP to provide his name and address for downloading songs from the internet. But the man was not the downloader – it was a member of his family.

The RIAA has served subpoenas to Internet service providers, which will ultimately end in lawsuits. TechTV has published a number of the P2P user names filed with the US District Court in Washington, DC, mainly Kazaa users. In the end this list could be massive, raising the possibility of a backlash and a half.

My tupennies’ worth? I think the RIAA should have been more circumspect. My understanding is that the vast majority of mp3 files out there are from a small number of uploaders, and if they can be closed down, the file-sharing world will be less appealing. Get rid of them and you may have little more than an informal ‘tasting net’ where folk can check out music without having to pay for it first (a little like the old cassette days). Or am I being hopelessly romantic?