Tag Archives: spokesman

Guerrilla Marketing Via Lederhosen

I’m getting a bit cheesed off with all the advertising/sponsorship shenanigans at the World Cup, and I’m not even there. The idea that you can only buy tickets using the sponsor’s credit card, that food like McDonalds and drink like Coke can somehow be an official partner of a sport, all seem to indicate a world gone mad, but all that is eclipsed by the fact that you can’t enter a stadium wearing a rival sponsor’s attire: Hundreds of — one report suggested more than 1,000 — Dutch fans had to watch the Ivory Coast game in their underwear after stewards ordered them to remove their orange lederhosen.

The story, as far as I can work out, goes like this. The idea is the brainchild of a Dutch brewery called Grossbrauerei, which produce a beer called Bavaria. The brand marketing manager is one Peer Swinkels (“Bavaria is beer with guts, for men with guts”), who has launched several elaborate ploys to market the beer. One involves, er, sponsoring a motor racing event, along with a “Burning Rubber” Gala Night. (Event organiser: “We assure you that the name of this gala night is not a joke”). Another involved relaunching the career of Albert West, a slightly over the hill Dutch singer, in towns with the word “West” in their names — Amsterdam West, Rotterdam West, Utrecht West, Leiden West, Hengelo West, etc: (“This sort of subtle humour is always combined with down-to-earth realism in the Bavaria-campaign. Albert liked the idea. He can laugh at himself. That is what makes Albert such a nice guy.”)

You had to be there, I guess.

Anyway, the lederhosen. This is an inspired idea and goes to the heart of some already controversial sponsorship over the most important item at the Cup: the beer. The lederhosen, you see, sported the name of Dutch brewery Bavaria, which is not the official beer of the World Cup. (Anheuser Busch’s Budweiser is the official beer.) The lederhosen are orange, carry the regulation braces, as well as a tail. They come free with a 12–pack of Bavaria, and have become something of a cult item among Dutch fans, who wear orange from birth, although there are reports that they are just being handed out for free too:

Leeuwenhose

Brilliant. You get your product into the stadium and onto the world’s television without having to pay a dime. As a marketing ploy they are somewhat less subtle than the use of an aging Dutch rock star but they do deserve some credit: taking the mickey out of those German beerfests, selling a beer called Bavaria, right in the heart of Germany. And, to boot, embarrassing the U.S. beer partner Budweiser, who like other sponsors paid between $45 and $50 million for the privilege of having only their brand on display. In fact, Bavaria has already been making trouble: Heineken, the official sponsor of the Dutch national team, ordered fans to leave their lederhosen outside the ground at a friendly game against Cameroon. (A Dutch court has since ruled that fans should be allowed to wear the trousers, apparently, although this won’t wash in Germany.)

This explains why stewards are ordering fans to strip. FIFA spokesman Markus Siegler: “Of course, FIFA has no right to tell an individual fan what to wear at a match, but if thousands of people all turn up wearing the same thing to market a product and to be seen on TV screens then of course we would stop it.” The issue might be particularly sensitive because Anheuser Busch has its own problems, being forced by longstanding trademark issues to settle for merely Bud brand (not the full Budweiser brand, which is in dispute in Germany) in return for allowing local brewer Bitburger to sell its beer in unbranded cups outside the grounds.

Peer, of course, sounds suitably outraged but must be loving it. Officially, this kind of activity is appalling and the offline equivalent of subdomain spam, but so much more imaginative. At the same time it raises lots of interesting dinner party discussions about the rights of the individual against the rights of a sponsor (if I chose to wear those pants and wasn’t paid to do so, then does it constitute advertising, and should I not be allowed to wear what I choose so long as it does not appear to be a deliberate effort to advertise?); what constitutes a group, whether orange is an acceptable colour for a national soccer team, and whether people should even be allowed to wear lederhosen. T

Symantec’s Hole

I am starting to be a bit concerned about the future of blogs, but there’s no question a blog is the best way to get information out to people quickly, especially if it’s about the Internet, technology or tech-related stuff. It needn’t be a blog, but it needs to share the blog’s most powerful features – speed, ease of use, ease of finding, and delivery by the best mechanism we’ve come across so far: RSS.

Case in point: Symantec, one of the world’s biggest makers of antivirus software, are red-faced after eEye Digital Security revealed on Thursday that it had found a software vulnerability inside Symantec’s Anti-Virus Corporate Edition 10.0. As darkreading says, the vulnerability requires no user intervention and could be used to create a worm. This is an important event, and Symantec need to let their customers, and people in general, know about this as soon as possible. So why is the company’s website making no reference to the exploit, except for a “Symantec Client Security and Symantec AntiVirus Elevation of Privilege”, which cannot mean anything to anybody except the smallest circles? (An Elevation of Privilege is, according to Microsoft, “the process by which a user obtains a higher level of privilege than that for which he has been authorized. A malicious user may use elevation of privilege as a means to compromise or destroy a system, or to access unauthorized information.”)

No mention in the heading of a vulnerability, or a problem with the very software that is used by a lot of people. Unless you really know what you’re looking for, the advisory doesn’t really shed much light on the issue. Nor does Symantec’s main website: While the main page includes a link to the advisory under its Recent News tab on the left of the page, with the less than informative “AntiVirus Notice: Norton Customers Not Affected; Advisory for Corporate Customers”, I could find no press release two days after the vulnerability had been found and been acknowledged by Symantec. The latest Symantec news release is from Wednesday, the day before the vulnerability was found, and there’s nothing there I can find that relates in any way to the issue at hand. This despite there definitely being a statement out there, because eWeek quote a statement from a Symantec spokesman sent to the magazine.

I’m requesting a comment from Symantec to see what they say about this. Apologies if I’ve missed something here, but my feeling is that Symantec need to be very upfront about this kind of thing — a vulnerability in a piece of software its customers rely on to keep out the bad stuff — and to inform readers, journalists, users and investors in a faster, more open and more informative way than they did so far. A blog would be the perfect place to start.

The First U.S.-China Cyberwar?

There’s growing coverage of China’s Internet ‘cyberwar’ against the U.S., which seems to have been going on for more than two years with neither side wanting to go public. The U.S. is calling the attack Titan Rain, and as Bruce Schneier points out, the attackers are very well organized. This from AFP:

A systematic effort by hackers to penetrate US government and industry computer networks stems most likely from the Chinese military, the head of a leading security institute said. The attacks have been traced to the Chinese province of Guangdong, and the techniques used make it appear unlikely to come from any other source than the military, said Alan Paller, the director of the SANS Institute, an education and research organization focusing on cybersecurity. “These attacks come from someone with intense discipline. No other organization could do this if they were not a military organization,” Paller said in a conference call to announce a new cybersecurity education program. In the attacks, Paller said, the perpetrators “were in and out with no keystroke errors and left no fingerprints, and created a backdoor in less than 30 minutes. How can this be done by anyone other than a military organization?”

So what are they after? Paller says they’re after sensitive information, and may have gotten it, including military flight planning software from its Redstone Arsenal. Here’s a bit more detail about how these guys work, from a TIME story quoting Shawn Carpenter, the hacker who uncovered the attacks:

Carpenter had never seen hackers work so quickly, with such a sense of purpose. They would commandeer a hidden section of a hard drive, zip up as many files as possible and immediately transmit the data to way stations in South Korea, Hong Kong or Taiwan before sending them to mainland China. They always made a silent escape, wiping their electronic fingerprints clean and leaving behind an almost undetectable beacon allowing them to re-enter the machine at will. An entire attack took 10 to 30 minutes.

More on Carpenter in a Wikipedia entry here, and on his whistleblowing experience here. There’s an interesting piece by SearchSecurity’s Bill Brenner which looks at an August report by LURHQ dissecting the Myfip worm which appears to have been used by Chinese hackers to ferret around and grab PDF files. The worm has been around since August 2004. Later variants looked for Word documents, AutoCAD drawings, templates, Microsoft Database files, etc:

[Joe] Stewart [senior security researcher with Chicago-based security management firm LURHQ Corp] said his team was easily able to trace the source of Myfip and its variants. “They barely make any effort to cover their tracks,” he said. And in each case, the road leads back to China. Every IP address involved in the scheme, from the originating SMTP hosts to the “document collector” hosts, are all based there, mostly in the Tianjin province.

China, according to AFP, yesterday denied its military was involved in hacking:

“We have clear stipulations against hacking. No one can use the internet to engage in illegal activities,” foreign ministry spokesman Qin Gang told a regular briefing on Tuesday. “The Chinese police will deal with hacking and other activities disturbing social order in accordance with law.”

Doesn’t make a lot of sense as a denial. Is he saying no one is doing it? Or no one official? Or that it’s going on and the police will deal with it? Not the first time a Chinese spokesman has uttered something meaningless. But I guess so long as the U.S. doesn’t make any official, public complaint this guerrilla war will remain unacknowledged by both sides. I guess the obvious lesson here is that security is not just against sleazeballs after your money, but after your PDF files too. And don’t think that because you’re not military you’re not affected. If you’re any kind of company you might have something that is valuable in the corporate and government espionage world.

Any Place For The Wise, Wizened Hack In The Brave New Citizen Journalist World?

I was chatting with a journalist friend last night, real old-school wire service guy. We were talking about blogging, about the decline of journalistic standards, and I was trying to make the point about the continuing misperception that bloggers are inherently unreliable and the traditional media aren’t. Nothing new there, but he told me a story about the BBC World TV channel falling for the Union Carbide/Bhopal story last December.

But it wasn’t just the BBC. Other news agencies picked up the story. But not all of them. My friend, who works for a prominent news service, says he was on duty that day and smelt something fishy. (He’s a modest guy so credited his boss with the decision. But I know how hard it must have been.) His agency didn’t run the story, and soon the retractions and backpedalling began.

Now it’s easy to be smart about these things. I’ve worked for a wire service, and I know the tremendous pressure there is to run with something if your rivals are. You’ve got to have a cool head, and most importantly, a good news sense, to hold off as the clock ticks down. My friend knew that there had been hoaxes before (this is not exceptional knowledge, as others have pointed out; these hoaxes tend to come around every Bhopal anniversary). But he also sensed the spokesman’s name was weird, and there was just something not right about it.

To me this is a skill that translates well to blogging, but needs to be carefully thought through. Bloggers tend to know their stuff; that’s why we read them. They are, or can be, a repository of wisdom about a subject, and know when something’s not right. Indeed, they not only report, but analyze, all on the fly. But we should also acknowledge that they are specialists, and their area of expertise may be quite narrow. My friend, meanwhile, is a generalist, knowing a little about a lot, enough to be able to make a call based pretty much on a gut feeling born of 30–odd years in the business. Where does this kind of experience fit into the new media world of citizen journalism?

When I visited OhmyNews, there was one guy with this level of experience, handling dozens of enthusiastic, but not professionally trained, reporters and editors. Chief editor Jeong Wooh Hyeon is a nice guy, committed, enthusiastic, and carrying the weight of that role that my friend plays in his newsroom. I like the way that OhmyNews has acknowledged the need for that kind of role, but I couldn’t help but wonder whether one was enough. It’s such an important part to play: the skeptic, the experienced eye, the balance, the nose for bias, a planted story, a hoax. But where do they fit, exactly, in the new media world?

Even Mayors Get Dialer Scammed

It’s not just small fry getting hooked in the great modem hijacking/dialer scam.

The Derrick, a publication from Pennsylvania’s Oil City, reports the town’s former mayor has become embroiled, demanding Verizon forgive $1,200 in charges. Verizon has so far refused to forgive Malachy McMahon’s debt.

McMahon is going after Verizon, who he sees as complicit in the scam: “For a corporation to condone and profit from this is beyond me, in the case of Verizon,” the publication quoted McMahon as saying. “It’s illegal activity. They’re after phone usage. It’s big-time money when they go overseas.” Local prosecutors are looking into this and other cases.

Part of the problem is that the billing is not just to the telco. Another company, National One Telecom, claims he owes $76 for calls. National One seems to make its money from charging an “entertainment fee” for accessing certain websites — which are not named on the bills. Some of the fee goes to the telco, some to National One. This is how National Telecom describes itself:

National One Telecom, Inc.’s mission is to provide billing solutions for clients with audiotext services, videotext services, long distance services, and other telecommunications services.

Our goal is to seamlessly merge Internet technologies with technologies seen in traditional telephone networks. Together with our clients we create a bridge between the two allowing for better ecommerce and telephone access to a wide national audience.

In addition to this, we are committed to helping our customers understand these new billing solutions and are willing to walk them through step by step in case they have any questions or problems. Thank you for your business.

Hmm. The most amusing bit of the Derrick story is this end quote from a Verizon spokesman: Modem hijacking, while “an industry-wide problem, is not really a telephone-company issue per se. It’s really an Internet issue.” Sure. Telcos, watch out.

(Hoax) Assault On A Dutch Blogger

[Note: Thanks to Mike at TechDirt and others for pointing out that this may well have been a hoax. The website GeenStijl now acknowledges that the person in question is alive, well and was not attacked. Here’s shutterclog and BlogHerald on the incident.

Apart from musing on the irresponsibility of whoever it was at GeenStijl who posted the hoax (and the likelihood the website itself will never be taken seriously as a source of information), the incident also raises interesting questions about the credibility of blogs vs traditional media.]

Blogging can be a dangerous business.

Bas Taart, a Dutch blogger, tells me that one of the contributors to the Netherlands’ biggest blog, GeenStijl (No Style), was beaten unconscious late on Monday at his home by three men wearing skimasks and wielding a baseball bat. The GeenStijl website says that the victim, known as ‘Chilean Guy’ had been threatened several times before.

A note on the website said “This event has caused us to stop our blog, effective immediately. We’re broken, stunned and don’t want to go on this way…. Apparently freedom of speech is no longer allowed in this country.”

Bas tells me that GeenStijl has made quite a few enemies, “taking on spammers, pedophiles, criminals and organisations that spend too much government funds”. Last week, according to Digital Media Europe, GeenStijl posted a copy of a recording that a convicted murderer had posted to his own website and was charging visitors to access.

The recording had the murderer’s former girlfriend informing the police that he was standing outside with a gun, while the sound of gunfire could be heard in the background. DM Europe quoted a spokesman for GeenStijl as saying “It is terrible that a criminal can make money on a murder he committed.”

Viruses And The Russian Connection

As feared, MyDoom seems to come from Russia. Or does it?

The Moscow Times quotes Kaspersky Labs as saying they used location-sensing software to trace the first e-mails infected with MyDoom back to addresses with Russian Internet providers. “It’s scary, but most serious viruses are written in Russia,” said Denis Zenkov, spokesman for Kaspersky, the country’s largest anti-virus software company.

This is not the first. Russians have long been virus writers. Dumaru, Mimail and Stawin may have Russian origins.

But what has changed in the last year or so, it seems, is the commercialisation of Russian virus writing. These viruses are no longer the product of idle, alienated, out-of-work minds, but of folk working for professional spammers and scammers. Another Kaspersky expert, Alexander Gostiyev, is quoted by AFP as saying the creators of MyDoom were not aiming to disrupt Internet traffic but to use infected computers to distribute unsolicited junk mail. The attack “was very well planned and prepared, perhaps for several months, and at least 1,000 computers were infected in advance,” Gostiyev said. “The virus could be of use above all to criminal groups seeking to distribute spam,” he added.

Spam, however, may be the least of it. There’s not much money to be made from spam, whereas there is from theft. Stawin, for example, records keystrokes when infected victims access their bank accounts, and sends the results to a Russian email address. British police are investigating the possibility that a wave of extortion attempts against gambling sites may come from Russia or Eastern Europe, according to Reuters. These attacks are related to the Superbowl: Those who don’t pay up are brought down by massive traffic, called a Distributed Denial of Service attack, or DDoS. A site dedicated to online betting has recorded that at least 20 sports betting sites appeared to have been brought down over the weekend. With all the work that went into something like MyDoom, I can’t believe it’s only spam the creators are after.

Of course, this could all be a feint.

Agence France Presse quotes Kaspersky as saying “there is still a 20-percent chance that this was an attempt to mislead. Virus programmers from other countries could have registered an email address in Russia” as a ruse. And it’s not entirely clear what Kaspersky means by ‘location sensing software’. This could mean more or less anything, and, as some folk have pointed out, the fact that Kaspersky is based in Russia makes it likely they will receive copies of the virus from Russian email addresses.

And it still leaves us with the fact that the virus was in part tooled to launch an attack on the website SCO, a company that has riled the Open Source community by claiming copyright over parts of the Linux operating system. The virus was designed to launch an attack on their website starting February 1: The website is presently down, apparently overwhelmed by traffic.

One final thing: There seems to be some confusion between the first and second MyDoom virus: Variations often follow when folk get inspired by the success of a virus, but that doesn’t mean the same guy, or guys, wrote both viruses. The presence of a note in English inside the second version of the virus — sync-1.01; andy; I’m just doing my job, nothing personal, sorry — appears to have confused some folk. The source, and purpose, of the first MyDoom remains a mystery.

Diebold Confirms Dropping E-voting Suit

Diebold, the electronic voting company and the subject of a recent Loose Wire column, have confirmed that they’ve decided not to sue folk who published leaked documents about the alleged security breaches of electronic voting.

AP reports (no URL available yet) that a Diebold spokesman promised in a conference call Monday with U.S. District Judge Jeremy Fogel and attorneys from the Electronic Frontier Foundation that it would not sue dozens of students, computer scientists and ISP operators who received cease-and-desist letters from August to October.

Diebold did not disclose specifics on why it had dropped its legal case, but the decision is a major reversal of the company’s previous strategy. Ohio-based Diebold, which controls more than 50,000 touch-screen voting machines nationwide, had threatened legal action against dozens of individuals who refused to remove links to its stolen data.

Update: One Of Microsoft Security Report Authors Fired

One of the authors of the security paper (PDF file) that said Microsoft was a threat to national security has been fired, according to CNET. Cambridge, Mass-based @Stake, where Dan Geer worked as chief technical officer, said in a statement Thursday that the researcher had not gotten his employers’ approval for the study’s release, and that he was no longer associated with the company. Although independently financed and researched, the study was distributed by the Computer and Communications Industry Association (CCIA), a Washington-based trade association largely made up of Microsoft’s rivals.

A Microsoft spokesman said the software maker had not pressured @Stake to make any decision on Geer’s status. Bruce Schneier, a security expert and co-author of the report, saw things differently, according to CNET. He said the idea for the report had come from Geer and the other researchers, not from the CCIA or other Microsoft rivals. The group had found it hard to find other researchers to sign on to the idea, even if those approached agreed with the study’s premises, he said. “When we were conceiving and writing the report, a surprising number of researchers said ‘No,’ because of the fear of Microsoft,” Schneier said. “Dan was not talking for @Stake. We were speaking as researchers. The fact that @Stake couldn’t get around that shows the pressure that Microsoft brings to bear.”

Update: Microsoft Deny Bursting

Here’s Microsoft’s take on the Burst.com case I mentioned in a previous posting. Would the correct version please stand up? In a nutshell it comes down to the question: did Microsoft deliberately erase weeks of emails from all servers and backups related to the case?

Winnet.mag quotes a Microsoft spokesman as denying that a judge ordered Microsoft to turn over “missing emails” and said that Burst.com’s account of that part of the trial is inaccurate and groundless. “Their fundamental premise, that there were missing emails from a specific period of time, is simply wrong. [At the hearing, we] discussed a routine discovery issue arising from the fact that not every email sent or received gets saved. [The judge] simply directed us to do a more thorough search of our backup files to search for any emails that, as a matter of business routine, were not saved elsewhere.” This is either spin out of control, or Robert X. Cringely’s version is wrong.