Tag Archives: pence

ASEAN Phishing Expeditions

Mila Parkour, the indefatigable phish researcher from DC, points to some recent spear-phishing attacks which to me help confirm that Southeast Asia, and ASEAN in particular, has become something of a focus for the chaps in China.

They also highlight just how vulnerable diplomats in the region are because of poor security.

One is a phish apparently coming from the Indonesian foreign ministry, in particular one Ardian Budhi Nugroho, whom the email correctly describes as from the Directorate of ASEAN Political Security Cooperation. The subject matter is topical and credible:

Dear Sirs/Mesdames,
Enclosed herewith letter from Director for ASEAN Political-Security Cooperation, informing the date of the next Direct Consultations between ASEAN and P5 Nuclear Weapon States, which will be held on 4 – 6 October 2011 in New York. A Tentative Programme of the Direct Consultations is also attached for your kind reference. Thank you for your attention and continued cooperation.

The only good thing about these phishes is that they reveal something of the attacker’s interests. These attacks are timed carefully a week or so ahead of key meetings–in this case a Oct 4-6 meeting in New York of ASEAN and P5 Nuclear Weapon states (one of those states, of course, is China). The email was sent on Sept 20.

The email address given, aseanindonesia@yahoo.com, doesn’t appear to be genuine, but it could easily be. Look, for example, at the email addresses listed here. More than half are either ISP or webmail addresses.

Diplomats need to get wise to these kinds of attacks by using their domain’s email addresses and being more sophisticated about their communications (not sending attachments, for one thing, and telling me they don’t.)

How does all this work? We don’t know who received this but it’ll probably be a list of diplomats attending the talks–not hard to find, as we can see from the above list. It only needs one member of each delegation to open the infected attachment for their whole delegation to be in danger of China–or whoever is behind this attack–to be able to monitor everything they do.

Headsets Get the Bling Treatment

A few weeks back on my WSJ.com column (subscription only; I’ll update you when it’s out on the BBC World Service) I explored the world of bling cellphones, including the Vertu range, the Kathrine Baumann “Wireless Wardrobe” Collection (inexplicably that collection is now password-protected since I last visited), the fancy wooden Mobiado range, and the diamond-encrusted, gold-set Samsung. I guess it was inevitable that headsets would start getting the bling treatment, and here’s the first: the Dimante Pink Bluetooth Headset (via Red Ferret:

Hedset

The Pama P7008 Bluetooth headset comes with the usual Bluetooth Version 1.2 compliancy, with Headset & Handsfree Profiles, One Button action, up to 5 hours talk time and 200 hours standby, weighs “just 12.7g”, and is the Ideal Bluetooth Hands Free Kit Gift for the Woman in your Life! (it says here).

Frankly I feel insulted. Why can’t us fellas have one? The only problem I can see is that with all that bling on your ear, aren’t you becoming a walking mugging invitation?

Of course you might be asking yourself why a diamond-encrusted handsfree weighs the same as an ordinary headset and costs about the same (£47.95, or $84) as an ordinary headset. That’s because of the $17 Crystal Bling Design Kit which lets you jazz up your accessories — from cellphones to iPods — with little bits of shiny crap, sorry, Crystal Diamante. I think I’m going to bling up my Treo 650.

The Prepaid GPRS Rip-off

I’ve grumbled before about how hard it is to do GPRS on prepaid cards. For those who haven’t done this, it’s simply a way to turn your smartphone into an Internet ready machine when you’re on the road (removing you from some of the pain of roaming GPRS charges, in the rare times they’re available. )

The problem is that as far as I can work out there are no flat-rate plans for prepaid GPRS users. Instead, you’re charged per kilobyte transferred, and just downloading a dozen or so email headers  (not the contents; just the headers) will quickly drain your credit. I emptied 20 pounds of credit on UK’s T-Mobile this month after checking my email twice and making a couple of local calls. The price per kilobyte is given as 2 pence but that doesn’t sound right. GPRS on prepaid seems a quick route to bankruptcy. No wonder there’s no useful information about the pricing on their website.

Sadly it’s not just Rip-Off Britain that’s emptying pockets with what are  beguilingly called Top-Ups. Singapore and Hong Kong, when they offer GPRS at all, do so at rates that are usurious.

Anyone had similar or contrasting experiences? Or tips for getting around this problem? Here are some from Syd Low of Alien Camel. My only ones are these:

  • use one email account for vital stuff when you’re travelling so the number of emails you need to sync is manageable;
  • download only headers on sync. You can always download the whole email if you need to;
  • eep your inbox folder as empty as possible if you’re using IMAP. This reduces sync time and cost.

Bookselling And The Internet

Spent an interesting couple of hours with an online bookseller yesterday researching an upcoming column about selling over the Internet. Ian Bruce works out of a disused British Telecom phone exchange, a long narrow building with only one window nestled between the sandstone houses favoured by Britain’s new ruralized yuppies in the quaint English countryside.

I learned a lot about how the Internet has changed the booktrade of which I was once a small part. In particular, how Amazon is, with its Marketplace, doing the same to the second-hand trade as it did to new books. Now booksellers sell popular books for 1 pence (a couple of U.S. cents) and make their profit on the Amazon allowance for postage, which is about $5 in the UK. This of course squeezes the smaller booksellers out of the game, since they can’t exist on that kind of margin. “The thought of trying to make a livable wage on less than one pound is ludicrous,” Ian tells me.

The market, he says, is quickly maturing, pushing more and more small sellers out of business: “The market in the U.S. has developed to maturity and people are pricing to the absolute margin,” he says. “This will eventually happen in the UK too and for that reason it’s absolutely absurd to stock any popular book.” The result: Booksellers like him are furiously weeding out any book they might recognise and holding on only to those books that have some sort of rarity value. “My rule of thumb is, if I haven’t heard of the title or author, then I might be interested.”

This is a grim view of the bookselling world, although it hasn’t quite imploded. My local bookshop, Kingsthorpe Bookshop, is still going, but the proprietor is threatening retirement soon. Hay on Wye, a mecca for bookworms, still hosts dozens of small bookshops which all seemed to be surviving when I visited them a few weeks back. But while books are an odd commodity — what other business requires you to stock a selection of thousands of single units only, year in year out? — the Internet is removing the last few kinks from the market, and it will only be a matter of time before copies of every book ever published can be hunted down at the click of a mouse.

The likely result is that folk like Ian won’t have much business. Sitting on stock won’t be worthwhile, but neither will the skill of matching customer requests with books be much of a skill either. The trick may end up finding those books that are commanding high prices in the short interval before everyone else digs up more copies and pulls the price down. “You look for the unpopular books,” says Ian, “that there will be someone — some man in Brazil, perhaps — may be looking for.”

WAPjacking And The End Of Innocence

Here’s a new kind of cellphone scam (via Mike Masnick of Techdirt, writing in TheFeature): WAPjacking (well that’s what he calls it, and I like it):

Taking a page from the still popular redialer scam on PCs – where a secretive trojan tries to disconnect your modem (assuming you’re using dialup) and reconnect you secretly to a premium rate phone number in some distant country – the WAPjacking scam basically does the same thing. It involves an SMS message that overwrites the WAP settings on your phone, replaces the standard WAP home page with something else – and then switches the call to a premium rate number.

The original article on NewMediaAge in the UK says ”the issue is considered so severe that operators have raised the prospect of banning all third party binary, or data, SMS messages, which would kill the content industry”. The article points to these dialers making calls to 0700 numbers, which in the UK are about 40p ($1 or thereabouts) a minute. But I imagine the real threat would only occur if the numbers being dialled were offshore, otherwise these kind of locally-based scams could be shut down quite quickly.

In his article Mike compares the scam to to Bluejacking and Bluesnarfing, which, he says “both seemed to be hyped well beyond any real threat”. While I’d agree there’s been some overkill in the British press, I don’t agree that neither represent “any real threat”. The point is always about stealing data and compromising communications, something the two processes do quite well. It’s not up to us to decide whether this represents a threat: If someone stands to lose valuable, sensitive or private data this way, it’s a threat for them.

Similarly, I wouldn’t put WAPjacking in the same category, at least for now. Diverting someone’s phone so the user loses money is not the same thing as losing the combination to your office safe, or a competitor grabbing all your contacts. But I think what all these cases have in common is that we’re just beginning to understand the vulnerability of holding in our hand an object that contains so much information, an object that can be hijacked to connect with anyone or anything without our knowledge. As Mike puts it: “It’s safe to assume that the wireless data industry has lost its innocence.”

News: Horses For Main Courses; Handphones for Bones

 Good piece by the BBC on how micropayments may not be taking off online, but are with handphones. “While many of us are happy to use a credit card online, spending tens, hundreds, and occasionally thousands, of pounds, parting with just 50p is less common.” Despite the lack of any common system for micropayments, the BBC says, “spending via mobiles is starting to take off, albeit only for extra mobile phone content.” 
 
Read techdirt’s take on it here.  My tupennies’ worth: people need to be confident of several things before they adopt a system of payment that they’re not previously exposed to:
a) it’s easy to figure out;
b) it’s convenient, both for the transaction and the eventual physical payment;
c) it feels safe.
Micropayments mostly don’t work online because they’re too hassly for what you’re doing. You’re sitting at home, you got everything you need, what is there to make a micropayment for that could make your life any richer? But if you’re stuck in the subway at midnight and need a chocolate bar, or a ticket home, that’s a whole different game.

Update: A Successor to Sony Ericsson P800?

 Those of you who admired the Sony Ericsson P800 cellphone/camera/PDA but never got around to buying one, hang on until October. PMN Publications, a mobile newsletter, reports that Sony Ericsson is planning an upgraded version of the P800, featuring an enhanced digital camera, 65,000 colour screen and a slimmer form factor. It will be called either the P810 or P900.
 
 
One major European operator has scheduled availability for 1st October 2003.
 
I have to say that while I admired the screen and the look and feel of the software, I wasn’t a convert to the P800. Too many things seemed to go wrong, and one user I spoke to reported having to return his unit three times before he got one that didn’t crash. Other users, of course, love ’em.
 

News: “Champagne or ink, sir?”

The chips are down
 
  Unsurprisingly, computer printer cartridges are more expensive than vintage champagne. An investigation by British consumer group Which? published yesterday found that “Epson inkjet cartridges stopped printing even though in some cases there was enough ink to print over a third more pages”.
 
 
Here’s the full press release:
 
“Many of the printers tested gave premature warnings to change ink and toner cartridges, but most gave users the option of continuing printing. However, embedded into Epson’s ink cartridges are chips that stop the cartridge working before the ink runs out. A Which? researcher managed to override this system and print up to 38 per cent more good quality pages, even though the chips stated that the cartridge was empty.
 
“Epson cartridges are pricey – a T026201 cartridge costs about £21 and holds approximately 12ml of ink. This works out at around £1.75 per millilitre for ink, which makes it over seven times more expensive than vintage champagne (a bottle of 1985 Dom Perignon works out at about 23p per millilitre).
 
“Epson said that customers are free to reset these chips to get more ink out, but it will continue to use them ‘to protect the customer from accidentally damaging their printer or producing sub-standard print quality, by unknowingly draining the ink cartridge and damaging the print head.’
 
“Which? experts think that damaging the print head is unlikely if consumers stop printing as soon as they see a drop in quality.”
 
I’ve harped on before about the sleazy price of cartridges. I hadn’t thought of comparing it to bubbly, though. Good one.

Column: the all in one gadget

Loose Wire — All-in-One Gadgets: Compact But No Cure-All: The Sony Ericsson P800 is an Internet-enabled PC, hand-phone, digital organizer and camera rolled into one; But some things are better kept separate

 
By Jeremy Wagstaff
 
from the 10 April 2003 edition of the Far Eastern Economic Review, (c) 2003, Dow Jones & Company, Inc.
If you’re anything like me, you hope the next gadget you buy will solve all the problems with your existing one — phone, palm-held device, lawnmower — only to find that in most cases, you’re forced to settle for something that may be better, but not necessarily in the way you imagined, or hoped. Call it Feature Disconnect.

Take my new hand-phone, for example. I needed something that didn’t keep switching off mid-call, where the keys didn’t stick, and which had some extra features such as a decent calendar, contacts list and whatnot. After much deliberation I settled for the Nokia 7650, a beast that combines camera, digital assistant and phone.

The Nokia 7650

Two weeks on, I like half the features and am somewhat disappointed over the other half, but in most cases the things I like about it are not the reasons I bought it. I’ve had to abandon synchronizing my data with Microsoft Outlook because the Nokia slows to a crawl with all my contacts aboard, while the short messaging (or SMS) feature, while comprehensive in terms of storing and displaying messages, is actually more fiddly than its predecessor. On the other hand, I’m addicted to taking pictures of people and linking the picture to their contact details, so on the rare occasions they call, their visage appears on the screen. Completely pointless, I know, and certainly not why I bought the thing, but it makes me happy.

I suspect similar problems with Sony Ericsson’s P800 (about $650). As I’m sure you know, Sony Ericsson is a trial marriage of Japanese electronics-giant Sony and Ericsson, the Swedish hand-phone manufacturer. They’ve been dabbling for a while in handsets and with their most recent model appear to have hit something near the jackpot. It looks a lot like a normal phone, but flip open the keypad and you get a screen the size of Hungary, an interface to die for and an almost fully fledged digital organizer. It’s a marvel of engineering, delightful to hold and look at, but sadly it’s still vulnerable to Feature Disconnect.

The Sony Ericsson P800

It’s like this. The P800 is out to replace your hand-phone and your personal digital assistant. It has handwriting recognition and will synchronize with Outlook and Lotus Notes; you can write and read e-mail and surf the Internet on it. Flip the keypad back into place and you have a normal phone that’s no larger than most existing hand-phones. Oh, and it takes pictures. For many folk it’s what they’ve been waiting for: a convergent device that means they can leave their Palm or PocketPC at home, as well as the digital camera. Lighter pockets all round. Out of the 100-or-so user reviews I read, only a handful said bad things about the P800.

My experience was different: While the handwriting recognition (scrawling letters on the screen which are then interpreted by the phone into digital text) is no better or worse than its peers, it’s one thing to tap away in your spare time and another to try to enter notes or phone numbers while you’re on the road taking a call from the boss. Errors creep in and frustration mounts. The software aboard the P800 is a departure — it’s neither Palm- nor Microsoft-related, instead drawing on the Symbian platform — and is nicely designed, but has its quirks. There are some treats — tap on a phone number and a menu appears, allowing you to phone, SMS or add the number to your contacts directly.

But there are also some oddities — I could not find, using a keyword search, any of the folk I had added to the contacts directory, and was horrified to discover that the phone does not support the “predictive text” SMS function used by everyone and his dog (predictive text anticipates what word you’re trying to tap on the keypad, allowing you to press keypads once to form words instead of several times). To not include this is, in my view, like selling a car without a steering wheel. My verdict: The P800 is a very impressive device but it’s too limited to replace my Palm — making it just a very expensive phone, albeit a full-featured one.

The problem as I see it is this: As all these gadgets get better, we demand more out of them. Then we want all those features in one device. Seeing the P800 — the closest anyone’s come to an all-in-one gadget — I can’t help wondering whether we’d be better off keeping some things separate. With a keyboard and Bluetooth, today’s Palm or PocketPC can, under certain conditions, do a very good job of mimicking a laptop, something that wasn’t really intended when they first appeared in the mid 1990s. Hand-phones now are messaging devices — transmitting not just voice, but messages, pictures and whatnot, storing music and taking photos — something that certainly wasn’t envisaged with the launch of their brick-sized ancestors in the early 1980s. All these features, in my view, make it less likely — and indeed, less preferable — to have an all-in-one device. So long as they communicate well with one another, I think manufacturers should focus on combinations of devices, allowing us users to mix and match according to our whim, however quirky. That way we might get what we want and not lose the features we like every time we upgrade.

Now keep still while I take a picture of you in case you call.