Tag Archives: Reading

Former Soviet Bloc, Allies, Under Lurid Attack

Trend Micro researchers David Sancho and Nart Villeneuve have written up an interesting attack they’ve dubbed LURID on diplomatic missions, government ministries, space-related government agencies and other companies and research institutions in the former Soviet bloc and its allies. (Only China was not a Soviet bloc member or ally in the list, and it was the least affected by the attack.)

Although they don’t say, or speculate, about the attacker, it’s not hard to conclude who might be particularly interested in what the attacks are able to dig up:

Although our research didn’t reveal precisely which data was being targeted, we were able to determine that, in some cases, the attackers attempted to steal specific documents and spreadsheets.

Russia had 1,063 IP addresses hit in the attacks; Kazakhstan, 325; Ukraine, 102; Vietnam, 93; Uzbekistan; 88; Belarus, 67; India, 66; Kyrgyzstan, 49; Mongolia, 42; and China, 39.

The campaign has been going for at least a year, and has infected some 1,465 computers in 61 countries with more than 300 targeted attacks.

Dark Reading quotes Jamz Yaneza, a research director at Trend Micro, as saying it’s probably a case of industrial espionage. But who by? ”This seems to be a notable attack in that respect: It doesn’t target Western countries or states. It seems to be the reverse this time,” Yaneza says.

Other tidbits from the Dark Reading report: Definitely not out of Russia, according to Yaneza. David Perry, global director of education at Trend Micro, says could be out of China or U.S., but no evidence of either. So it could be either hacktivists or industrial espionage. Yaneza says attackers stole Word files and spreadsheets, not financial information. “A lot of the targets seemed to be government-based,” he says.

My tuppennies’ worth? Seems unlikely to be hactivists, at least the type we think of. This was a concerted campaign, specifically aimed to get certain documents. Much more likely to be either industrial espionage or pure espionage. Which means we might have reached the stage where groups of hackers are conducting these attacks because a market exists for the product retrieved. Or had we already gotten there, and just not known it?

Either way, Russia and its former allies are now in the crosshairs.

More reading:

Massive malware attacks uncovered in former USSR | thinq_

Cyberspy attacks targeting Russians traced back to UK and US • The Register

The Mind Mapping Software Weblog

For mind mapping fans, there’s a new Mind Mapping Software Weblog:

The Mind Mapping Software Weblog is designed to provide businesspeople with a focused collection of resources related to visual mapping – its applications, its benefits, and how you can use it to increase your productivity and creativity.

It’s early days. but looks promising. If nothing else, there’s a good list of mind mapping software, which includes some not in my own list.

Hong Kong’s Unseen Icon

Hong Kong is a very practical city — you’ve got to be, with everyone living on top of each other — but sometimes I wonder whether it’s also an overly conservative one. For example, the other day I was very impressed at how one restaurant, which only accepts cash, brings the change in anticipation of what bill you’ll pay with. Put a HK$500 down on the bill wallet, and with a flourish worthy of a magician, the wallet is opened at another page with the change already there. Charming, and practical, saving time, and footleather.

But that’s the only restaurant I’ve seen this at. Maybe there are more, but you would think an innovation like this would quickly catch on elsewhere. So far, it seems, it hasn’t.

Jak0310(41)To me the biggest area that is ripe for some innovation like that is the Hong Kong cart/trolley. It’s ubiquitous, and as long as I’ve been visiting Hong Kong it’s been here. For those of you haven’t seen one, it’s a very simple design: four small wheels, larger than a baby-buggy, but smaller than a child’s bicycle, overlaid with a metal frame and sometimes a wooden board. The handle is a simple iron rod bent at the top. That’s pretty much it.

Now, these things are everywhere. Out to grab a coffee this morning I spotted about 30. They’re so commonplace they’re invisible, which is tricky in a place where pedestrians or cars cover every inch of spare sidewalk or road. Somehow, the folk that use these things manage to navigate their way through the throng without any ankles removed, people upended or worse.

And they are used to carry everything. I started snapping a few, but quickly ran out of space on my cellphone before I could capture the full range:

Jak0310(40)

‘A yellow-booted guy transporting live fish’

Jak0310(37)

‘Dude Unloading Boxes’

Copy 2 of Jak0310(34)

‘Guy Shovelling Sand Into Baskets’

Jak0310

‘Man (Or Woman) Pushing Chair Backs Down Lee Garden Road’

Jak0310(19)

‘Gas Cannisters Locked To A Tree’

Copy 2 of Jak0310(31)

‘Guy Pushing Water Containers With Reading Matter in Hip Pocket’

Jak0310(01)

‘Woman Pushing Pile of Crap Down Lee Garden Road’

and the rather poignant ‘Elderly Woman With Empty Trolley Heading Off to Times Square’:

Jak0310(43)

OK, you get the idea. They’re multifunctional. They’re used by a wide swathe of age-groups and users. They’re also good for parking on Hong Kong’s many inclines:

Jak0310(03)

Indeed, you can park them more or less anywhere, secure in the knowledge that no one looks at them twice:

Copy 2 of Jak0310(32)

Clearly these trolleys are useful. But to me they’re still badly designed. You can see as much from the various customizations that their users have introduced. In the picture above, for example, you can see the classic ‘One Rope Across the Handle Bar’ hack which helps stuff not fall off the back. Variants on these include the ‘Multi Rope Web’ which does a better job, basically by tying as much rope or string across the back of the handle as possible. Those without rope can try the ‘Piece Of Cardboard Across The Handle Kept In Place By Tape Hack’:

Jak0310(30)

All of these look aesthetically awful, but have endured as long as I’ve been coming to Hong Kong, which is 16 years. Then there’s the problem of the handle itself. Not much you can do with it, except try the “Bag Hanging Hack” which is illustrated thus:

Jak0310(21)

Or the street-cleaners (yes they use them too) “Bag Hanging Hack + Bamboo Pole with Warning Red Flag On”:

Copy 2 of Jak0310(35)

But to me all these hacks cry out for a better design. There must be a better way of transporting stuff around in Hong Kong. Of course, there are other methods, from the old delivery bicycle:

Jak0310(18)

(I love the Chinese handwriting and telephone number painted on.) There’s also the smaller two-wheeled trolley concept:

Copy 1 of Jak0310(36)

But the four-wheeled trolley is by far the most popular. To me it’s an icon of Hong Kong and a testament to the grit and attitude of its people that they are still as common as they were a decade or so ago. I imagine that without these trolleys, Hong Kong would grind to a standstill:

Jak0310(39)

Still, I’m no designer, but I would have thought that these trolleys could be better designed, or some of the common hacks one sees on existing models could be built into future models? Or would that ruin the Unseen Icon of Hong Kong?

Can We Trust Anti-Spy Software?

Who watches over the watchers? In software, it seems, it’s often the same folk.
 
Reading a press release for X-Cleaner, “a privacy tool suite that detects and removes installed spyware and adware components”, it sounded interesting enough for a mention. After all, it “includes tools to securely delete files, edit the registry, disable startup programs”, as well as “IE home page protection, cookie, cache and history cleaning, built-in password generator and more”. What’s more, there’s a free version with some features disabled. Not a bad tool for those folk worried about keylogging phisher trojans and whatnot.
 
But when I tried to find out who the company is behind it — never easy with companies working outside the U.S., I find — I saw some of the other software sold by the same company. The company is called XKee, it does not reveal where it’s based (and the WHOIS registrant information for the website contains a UK-based email address and a half-complete New York mailing address). XKee says (and I reproduce the original formatting here) “WE DO NOT MAKE ANY OF THE SOFTWARE! EACH PRODUCT IS SUBMITTED BY A SOFTWARE COMPANY OR DEVELOPER, OR IS PICKED FROM THE INTERNET BY OUR EDITORS. WHAT WE DO IS REVIEW AND RATE THE SOFTWARE, CATEGORIZE IT AND MAKE IT AVAILABLE TO YOU.”
 
Among those products are:
  •  iSpyNOW, “the critically acclaimed, award winning remotely deployable computer monitoring application. iSpyNOW is first of its kind – offering users the ability to remotely monitor a machine via a web interface without ever having physical access to that PC. iSpyNOW 3.0 now sets a standard in the remote monitoring and surveillance market. Read below to see why iSpyNOW 3.0 is the most powerful remote surveillance software offered anywhere!”
  • SpyBuddy,  ”the award-winning, powerful spy software and computer monitoring product for monitoring spouses, children, co-workers, or just about anyone else! SpyBuddy allows you to monitor all areas of your PC, tracking every action down the last keystroke pressed or the last file deleted! SpyBuddy comes equipped with the functionality to record all AOL/ICQ/MSN/AIM/Yahoo chat conversations, all websites visited, all windows opened and interacted with, every application executed, every document printed, every file or folder renamed and/or modified, all text and images sent to the clipboard, every keystroke pressed, every password typed, and more!”

Now, I know that software sites such as this are not unusual, and it’s also not unusual that they’re going to sell software that plays both sides of the fence — snooping, and anti-snooping — but it made me wonder: In these days of sophisticated fakery, how do we know the anti-snooping software does what it says it does? How do we know the software is not doing its own kind of snooping, like the other products on sale? If a company is happily selling snooping software, how far can we trust them to sell us something that does what it says it does?

The answer in the case of X-Cleaner is this: Despite the similar sounding names, it does not appear that X-Cleaner is related to XKee. X-Cleaner, from what I can see, is a bona fide anti-spyware program produced in Belgium by a company called Xblock. It has been reviewed in PCWorld and elsewhere, so is probably kosher. But there’s no easy way of telling any of this by visiting the websites of XKee, X-Cleaner or Xblock. I could find no useful company page, nothing to identify the folk behind it and an address or something to grab a hold of.

My feeling is this: I’m sure XKee and companies are not into anything sleazy, but nowadays I think they have got be much more upfront about who they are if they want to be credible: Especially if they’re selling potentially law-breaking software like spyware and mass-mailers. We need a physical address, some names, a corporate identity that stands up to scrutiny and customer queries. For the user, I’d say this: Be wary of any software that promises to keep your privacy unless you’ve read a review by someone you respect, and you have a pretty good idea of who’s behind it. For columnists like me, I’m going to be more careful about what software I recommend in future. End of sermon.

Service: Phlog? Photog? Photblog? Phoblog?

 From my friend Rani in Singapore, I read with interest of a new service designed by two 19-year old twins Keng and Seng. It’s called Phone Logger, or Phlogger, and it allows anyone (not just those residing in Singapore) to update their blogs (online journals called web logs, or simply blogs) via their handphone’s Short Message Service, or SMS. Actually it utilizes the more advanced MMS, or Multimedia Messaging Service, which includes longer messages and photos. The service is free, and while testing has already got 340 registered users.
 
An interesting idea, and great that it’s being developed in this part of the world. My main worry, apart from the less-than-mouthwatering name, is that it’s already been adopted to mean Photo Logging — see phlog.net, by a guy called Alan from Reading in the UK. Who was first? There’s also moblogging, for mobile blogging, which is pretty much the same thing as Photo Logging, firing off photos from your handphone to a website. Fotopages is one example of this. Other terms still floating around: Photog, Photblog, Phoblog. I’d plump for moblog to mean any blog that’s being updated wirelessly, whether it’s pictures or text. Objections, anyone?