Tag Archives: Wagstaff

Meet Veronica, Sexy Skype Spammer


Maybe this is commonplace for others, but I’ve just got my first sex-chat-spam on Skype. It’s from someone called Veronica Sexy, whose profile indicates that it’s unlikely to be someone I’ve met and just forgotten about (as if I would):

image

Just in case you can’t read that last bit, it reads:

can’t wait to get real nasty and show off 🙂 IM REAL MISS WEB CAM!

Reply to the message and immediately you’re asked to share your contact details (a la Skype.) I didn’t risk having Veronica spam all my friends (not sure how that would work, but I’ve got some nice people on my list, and I’d hate for them to be upset.) But I did reply to her message, and her responses were quick, and, dare I say it, felt a trifle automated:

[8:53:55 AM] Veronica sexy says: Hi are U busy?
[9:03:43 AM] Jeremy Wagstaff says: hi
[9:03:50 AM] Veronica sexy says: How are u ?
[9:04:30 AM] Jeremy Wagstaff says: i’m great. who are you?
[9:04:31 AM] Veronica sexy says: I would love to chat with you, come on http://www.SkyperSex.com !!!

[9:04:36 AM] Jeremy Wagstaff says: no thanks
[9:04:37 AM] Veronica sexy says: I would love to chat with you, come on http://www.SkyperSex.com !!!

[9:04:45 AM] Jeremy Wagstaff says: i’m a bit busy. really
[9:04:47 AM] Veronica sexy says: My internet connection  is very bad come on http://www.SkyperSex.com !!!

[9:04:54 AM] Jeremy Wagstaff says: my internet connection is great!

That was the last I heard of Veronica, although her scent lingers on.

The web address, by the way, is pretty much what you expect it will be — lots of alleged clips of ladies cavorting. The administrator of the website is one Alexandrof Tiberiu in Moscow, who also owns www.yourlivecams.com.

I guess what’s interesting here is that Skype don’t seem to do much policing of this kind of thing. This could be a sex site spam, or it could be something worse.

If you want to prevent Veronica getting in touch with you, go into Skype options, Privacy settings, and click on the Show Advanced Options button. Make sure the “Allow chats from…” option is set to “only people in my Contact List”:

image

Chances are Veronica won’t come calling. Frankly, your life won’t be the poorer for it.


Hi, I’m Sheila from Phishers ‘R’ Us

It amuses me that banks talk about security but rarely apply it in a consistent enough way to save people like you and me from getting scammed. Take what just happened to me this morning:

My bank rings me up (the number is a private number so doesn’t show up on my screen, but that doesn’t seem to be unusual anymore; nearly half of the people who call me seem to withhold their number these days. In any case, it’s not hard to fake a callerID.)

The woman on the phone tells me there’s been a problem with my last phonebanking transaction. Before she can tell me more, she says, I need to key in my six-digit phonebanking ID. I’m just about to do so, eager to sort out the problem, when I realize that I’ve not confirmed that she is who she says she is. So I ask her:

“Sorry, but I need to confirm who you are first.”

“Yes, I am Sheila and I work for the phonebanking division.”

“Yes, but how do I know you’re Sheila from the phonebanking division, and not Sheila from Phishers ‘R’ Us?”

Clearly Sheila hasn’t faced this kind of situation before.

“Er, well, if you key in your phonebanking ID, I can tell you details about your account, and that will confirm it.”

“Well, it may do, or else it would tell me you’d already succeeded in hacking into my account and were now just toying with me.”

A pause.

“Yes, but the PIN number goes straight into the computer,” says Sheila, a bit nonplussed now.

I try to explain that a) I’m not personally accusing her of being a scammer, only that I have no way of confirming whether she is a bank employee or a clever social engineering fraudster because she called me first and b) that technology makes it eminently possible that someone could capture my six digit PIN if I key into my phone. (A simple decoder attached to the phone will grab the DTMF signals (the beeps when you press a key) and figure out what digits they represent. I didn’t tell this to Sheila because she was already beginning to sense I was a ‘difficult customer.’)
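Why the beeps offer no protection, as an added example that is not part of the original post: every key is a fixed, publicly documented pair of tones, so a few lines of Goertzel filtering turn line audio back into digits. The digit string, block length and threshold are assumptions chosen for this demonstration, and the audio is synthesized in the script rather than captured.

```python
import math

# Standard DTMF keypad: each key is the sum of one row tone and one column tone (Hz).
ROWS = (697, 770, 852, 941)
COLS = (1209, 1336, 1477, 1633)
KEYS = ("123A", "456B", "789C", "*0#D")
RATE = 8000      # telephone-grade sample rate (samples per second)
TONE_N = 800     # samples of tone per key press (0.1 s), assumed for the demo
GAP_N = 800      # samples of silence between presses (0.1 s), assumed for the demo


def synthesize(digits):
    """Build the audio a keypad would put on the line (constructed test signal)."""
    samples = []
    for d in digits:
        r = next(i for i, row in enumerate(KEYS) if d in row)
        c = KEYS[r].index(d)
        for n in range(TONE_N):
            t = n / RATE
            samples.append(0.5 * math.sin(2 * math.pi * ROWS[r] * t)
                           + 0.5 * math.sin(2 * math.pi * COLS[c] * t))
        samples.extend([0.0] * GAP_N)
    return samples


def goertzel_power(block, freq):
    """Energy of one frequency in a block of samples (Goertzel algorithm)."""
    coeff = 2 * math.cos(2 * math.pi * freq / RATE)
    s1 = s2 = 0.0
    for x in block:
        s1, s2 = x + coeff * s1 - s2, s1
    return s1 * s1 + s2 * s2 - coeff * s1 * s2


def decode(samples, block_len=200, threshold=100.0):
    """Recover the key sequence from raw audio samples."""
    out, last = [], None
    for i in range(0, len(samples) - block_len + 1, block_len):
        block = samples[i:i + block_len]
        row_p = [goertzel_power(block, f) for f in ROWS]
        col_p = [goertzel_power(block, f) for f in COLS]
        r, c = row_p.index(max(row_p)), col_p.index(max(col_p))
        # A key is present only if both its row and column tones are strong.
        key = KEYS[r][c] if min(row_p[r], col_p[c]) > threshold else None
        if key and key != last:      # report each press once, not once per block
            out.append(key)
        last = key
    return "".join(out)


if __name__ == "__main__":
    pin = "482913"                   # constructed sample, not a real PIN
    print(decode(synthesize(pin)))
```

The practical consequence is the one the post draws: a PIN keyed into a call you did not place is disclosed to whoever is on the other end of the line.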

In the end I tell Sheila I’m going to call her back, to which she politely agrees. When I later explain to her that the bank should think about plugging the hole in their security fence, she listens politely, thanks me for my feedback, and says:

“One last thing, Mr. Wagstaff. I don’t know if you’ve been told but we’re running a promotion at the moment that for every customer you’re able to bring in you get a $200 gift voucher for redemption at Takashimaya Department Store.”

A bank with its priorities right, it seems.

What amazes me about this is that banks don’t seem to have learned from past mistakes. A few months back I wrote about a scam in Hong Kong which uses exactly this tactic. Fraudsters stole wallets and handbags at a sporting event, removing only the ATM and business cards. The victims then got phone calls the next day from people pretending to be from the bank, informing them they’d lost their card and asking them to approve cancellation of the card by keying in their PIN number. Voila. If Sheila was Sheila the Scammer, someone would be at least half way into my account by now.

I wish banks would be smarter about this. I wish in particular the banks I use would be smarter about this. Scammers are clever, particularly about social engineering — the art of lulling people into a sense of false security. We ordinary people want to please, and we want to help solve a problem, especially if it’s connected to us, so we’re easy prey for someone at the end of the phone offering both.

The lesson is the same as the one I’m always trying to pass on: Don’t give anything to anyone just because they ask you to. Find out first whether they are who they say they are. A realtor asking for a deposit? Show me the documents that prove you are authorized by the landlord. Here to check the meter? Where’s your badge? Valet? How do I know you’re not just a guy in a red jacket and jaunty hat about to steal my car?

Authenticate, authenticate, authenticate. And if it’s someone like a banker, a real estate agent or an official, be hard on them if they seem impatient with your efforts. It’s your money, not theirs.

The Slashdot Report Part II: Where Does The / And The . Come From?

 This week’s column is about The Slashdot Effect, (subscription only, I’m afraid) and I’ve already started receiving mail telling me my explanation of the term Slashdot is wrong. Here’s what I wrote:

Slashdot (slashdot.org, named after the slashes and dots in a Web site address)

One reader commented:

Hi Jeremy, The slash and dot in Slashdot do NOT refer to “the slashes and dots in a Web site address.” They refer to having “root access” on a Linux (or Unix) computer, meaning godlike power to do whatever you want to do with the machine, like being an Administrator on Windows XP. Getting root access to a remote machine is the holy grail of hacking, because it means you “own” that machine. The slash and dot refer to how you would change what directory you are in when using a command-line interface.

In MS-DOS, or the command prompt in Windows XP, you might do: C:\>cd c:\windows

But in Unix you would do: cd /.

Hence, Slashdot.

while another slight variation:

Actually Mr Wagstaff,

slash dot is from “Unix”. The “bourne shell” command “ls” (for list) will report the contents of the Root Directory when you type “ls /.” The inverse “ls ./” reports the contents of “Here” (your current working directory).

        /. “News from the Root”

and 

        ./ “Here be News for Nerds”

Don’t worry that you didn’t get the “hidden in plain sight” meaning. Non-Nerds never do.

(I really appreciate the ‘Mr Wagstaff’ bit. Thanks). Both are interesting definitions, but are they correct? I based my definition on Slashdot’s own FAQ, which says:

 What does the name “Slashdot” mean?

“Slashdot” is a sort of obnoxious parody of a URL. When I originally registered the domain, I wanted to make the URL silly, and unpronounceable. Try reading out the full URL to http://slashdot.org and you’ll see what I mean. Of course my cocky little joke has turned around and bit me in the butt because now I am called upon constantly to tell people my URL or email address. I can’t tell you how many people respond confused “So do I spell out the ‘dot’ or is that just a period?” 

Of course, this doesn’t necessarily make the other explanations wrong: Slash and dot could still refer to the Unix command, making the website name both a parody and an in joke.

Column: the Sony Clie PEG-NX70V

Loose Wire: A Delight to Behold

By Jeremy Wagstaff
from the 19 December 2002 edition of the Far Eastern Economic Review, (c) 2003, Dow Jones & Company, Inc.
 
Sony’s newest PDA casts a love-at-first sight spell with its stunning good looks and exciting multi-media features. But will you still love it tomorrow?
 
Sony has long mastered the art of ensuring you fall in love immediately with its products. I’m not sure how it does it, but when I set eyes on the very first VAIO notebook computer five years ago, I had to have it. With its smooth metallic finish and purple trimmings, it still looked good when I had to dump it years later. Since then, the love-at-first-sight syndrome is certainly true for Sony’s new personal digital assistant, or PDA, the Clie PEG-NX70V [$600]. Its magnesium casing, large screen and swivelling clamshell top are awe-inspiring, and you feel yourself instinctively reaching for your wallet. But would the love affair last?
 
 
I’m still in two minds about it. This is definitely Sony’s most ambitious PDA. It offers a very high-resolution screen [320 by 480 pixels, or dots, to be precise] that makes Palm’s look miserly, an MP3 player, a built-in keyboard and a voice recorder, as well as a camera, a video recorder, a 200 megahertz chip, the latest [version 5.0] Palm operating system and a slot for a wireless card to hook the device up to a wireless network. Extraordinary stuff for a gadget that weighs eight ounces and measures less than 3 inches wide by 5.5 inches long. At first blush, it’s the answer to all your prayers: It’s a fully fledged Palm-powered PDA, with all the bells and whistles your work requires, and it doubles as a modest but usable camera, will play back music and record interviews and meetings.
 
Now for the cautionary tale. First, Sony has a reputation for building sturdy and beautiful products [even if the product-naming department should be forced to name its offspring the way it chooses names for its products, which are invariably nonsensical combinations of letters and numbers]. But computing, in my view, is still not Sony’s strong suit. The bundled programs to unlock all these features are a mixed bag and, after numerous requests to reboot my computer, I wasn’t quite sure what I had installed and what I hadn’t.
 
Another downer: In theory there’s enough that comes with the Clie to get you on the road, but you won’t get far without at least one widget that doesn’t come with it — a Memory Stick. These chewing-gum lookalikes are Sony’s proprietary memory cards that you see happy young people in Sony ads swapping between computers, MP3 players, cameras and video recorders. That the Clie doesn’t come with one [a] reflects Sony’s somewhat arrogant assumption that everyone is already bursting with Memory Sticks and [b] means that unless you are already a Sony convert you can’t make use of the most interesting features of the device. [The PEG-NX70V comes with 16 megabytes of memory but five megabytes of that is already taken up with Clie programs].
 
Bottom line: Expect to shell out $100 or so for another 128 megabytes of memory if you want to take photos, video, or use the audio features.
 
I encountered other snags that tested my passion for the PEG-NX70V, or Peggy V as I started calling her. Being in the entertainment business, Sony is still somewhat schizophrenic about the MP3 revolution — where folk can convert CDs and whatnot to a very slimmed-down, portable file format called MP3 — and it shows on the Clie.
 
MP3s have scared the living daylights out of the music industry because there’s nothing stopping anyone swapping their CD collection over the Internet with any Tom, Dick or Harry — for free. Not surprisingly, the bundled software for moving music onto Peggy V from your computer converts the MP3, or CD, into Sony’s own format called ATRAC3, which [you guessed it] limits what you can do with the music.
 
The result: A silly mess that will alienate users and further muddy the waters. Solution? Buried in the manual is a workaround, which basically allows you to move MP3 files directly onto the Memory Stick, which you can then listen to on Peggy V without restrictions.
 
My verdict: Aesthetically delightful, Peggy V might not be the companion she promises to be. Palm would do well to copy the Clie’s screen design, whereby the scribbling pane doubles as part of the screen itself, but overall the PEG-NX70V’s extra features aren’t quite as seductive as they first appear. It won’t stop me holding onto mine as long as I possibly can, but I’m not ditching my MP3 player, my voice recorder, or even my Palm Tungsten, for the time being.
 
 

Column: Deep Purpled

Loose Wire — And Now, I Show My Age

By Jeremy Wagstaff
from the 16 May 2002 edition of the Far Eastern Economic Review, (c) 2003, Dow Jones & Company, Inc.
 
I was drinking beer backstage with the guys from Deep Purple the other day (I’ve always wanted to be able to say that) when I got to thinking: Technology has transformed pop music in the past 20 years, and at the same time, nothing’s changed at all.
 
Admittedly, this thought followed two and a half hours of Black Night, Woman from Tokyo and Smoke on the Water (anthems that were injected straight into the drinking water at my school: If you didn’t know the lyrics of Child in Time you ran the risk of being beaten up or, worse, forced to listen to the whole 10-minute song), so I might have been hallucinating. But when you see guys — three of them in their mid-50s — adopting poses unchanged since 1972, you’d be forgiven for thinking that popular music is a static beast: Guys with long hair in uncomfortably tight clothing jump around stage wielding electric guitars; audience goes crazy, waves arms with lighters aloft, burns fingers, goes home happy.
 
But beneath all this there’s been a seismic shift in how music is composed, played, recorded and performed. Nowadays you’re just as likely to attend a concert by a disc jockey, a hybrid DJ-musician or just a guy with a couple of laptops and a mixer. And you’ll hear people talking about the rise of interactive music, where nonmusicians in the audience are just as likely to contribute as the artists themselves. Music, we are told, has been liberated from its traditional paddocks of proficiency and performance. I’m not sure it’s that simple, but almost.
 
Since the demise of my incredibly talented — but contract-deficient — 1980s band, Puzzled But Dancing, I’ve dabbled with synthesizers and home recording. My first synth, as we pros call them, was about the size of a laptop. Instead of keys, the Wasp — made by now-defunct British company Electronic Dream Plant — had a two-octave pad. It was so sensitive that with the slightest condensation it would spew random notes that would make Deep Purple’s Jon Lord proud, but which were somewhat embarrassing during a gig. Such analogue beasts are museum pieces now: You can emulate them on your computer with programs called softsynths. Reason by Sweden’s Propellerhead Software (www.propellerheads.se) mimics a whole studio in real time. At $400 it sounds steep until you realize you’d spend that much on one piece of real equipment.
 
Composing has changed a lot, too. I could afford only a four-track recorder and spent hours trying to cram tracks together without them sounding as if they’d been recorded through rugs. The advent of a standard called MIDI allowed us to link keyboards, synthesizers and drum machines and store music as data, in the same way word-processing software lets you fiddle with a document.
 
This wasn’t easy: Ten years ago I was still messing around with a piece of DOS software called Cakewalk trying to harness my growing synth collection, but I spent more time trying to get the machines to talk to each other than actually making music. (With hindsight this might have been a blessing.)
 
Still, once instruments could be hooked up to computers, music was quick to break out of its elitist confines. With software anyone could create music out of anything, without training or expensive gear. More than 900,000 people now use Cakewalk daily. In an interview in the May issue of Wired magazine, British composer Matthew Herbert describes how all the sounds in his song Starbucks come from doing everything to a frappucino and caramel latte except drinking them (www.magicandaccident.com/_MoD//mp3/Starbucks.mp3).
 
Purists, no doubt, will groan. But there’s room for everybody. Deep Purple will be around for aeons to come, though the line-up will probably change, as older members are replaced by their grandchildren or robots, but elsewhere technology will pioneer new forms of creativity we can only guess at. If someone who thinks a semibreve is a fancy name for a thong can make sounds from a laptop that entertain us, and make us dance, then who’s complaining? The only constant will be that anyone who picks up a guitar for the first time will still try to play Smoke on the Water. Which is probably no bad thing, since I know the words.