The Gates Are Open, Phishers Welcome

By | November 23, 2011
2 Comments

I’m probably naive, but I’m gobsmacked that, nearly 24 hours later, a phishing website is still active despite my alerting the registrar and host of the domain in question. The only access was via a form so I’m not able to record my email to them but it was shortly after I posted the comment above.

I’ve not been able to contact the bank in question because there’s no media contact that I can find on their website. The scam has been recorded here and the Halifax website seems to be down so perhaps something is happening. But why is the original phishing site still up? And why don’t banks have an easy way for members of the public (or journalists, for that matter) to alert them to such scams? Millers Miles, which records phishing attacks, has recorded more than a dozen against the Halifax in the past year. 

technorati tags: ,

China Cracks Down on Beautified Soccer Hooligans

By | November 23, 2011
1 Comment

Further to my post about China’s facial recognition, a system — possibly the same one — will be used to ban soccer hooliganism at the 2008 Summer Olympic Games, the Beijing News reported on Wednesday. It will even work on those who try to look their best for the occasion: 

If the hooligans attempt to enter stadiums to watch soccer games again during the one-year term, police are obliged to take them away from the games, it added. Face recognition devices to be installed at the stadiums will be able to spot hooligans even if they wear heavy makeup, Liu Xuechao, a senior police officer with the Municipal Public Security Bureau, was quoted as saying. “

For some reason I can’t shake the image of hordes of Chelsea fans wearing lipstick and too much eye-shadow.

technorati tags: , , , ,

Phishing and the Peril of Fonts

By | November 23, 2011
2 Comments

I’m amazed at how lax domain registrations still are, despite the fact that phishing is now so much a household word that even my mum’s heard of it. But here’s another trick being used to try to dupe those people who still remain gullible: change the “o” in online to “c” because in many email readers it will look more or less the same:

Halifax2

Which it does, actually. Quite a neat trick, if you like that kind of thing. (There really is a Halifax Online, and the website address is exactly the same, minus the o/c thing. Even the homepage is the same Javascript login page as above, and everything looks the same minus a note at the bottom saying the bank never asks for personal details via email.)  Clicking on this link will take you to a webpage, that, surprise, surprise, looks very much like the UK’s Halifax Building Society:

Halifax3

I haven’t investigated it further, but I’m assuming the data entered quickly finds its way into the pockets of scumbags, and there’s probably some other nice bits and bobs being loaded onto one’s computer as it happens. The site is still live as of writing, with the address in the first screenshot above.

What amazes me is that the registrar won’t bat an eyelid at what is obviously a very dodgy domain name — Halifax being quite a well-known brand in the UK — and, indeed, even accepts the registration as a “private” one, and therefore allows the person registering the domain to not submit any address or phone number:

The registrant is a non-trading individual who has opted to have their address omitted from the WHOIS service.

The registrar in this case is PIPEX Communications Hosting Ltd, also known as 123-Reg.co.uk, whom I’ve asked to comment on this. Halifax is also being told about it, just in case they don’t know.

Newspapers, And Exaggerated Reports of Their Demise

By | November 23, 2011
7 Comments

(A podcast version of this post is available here.)

Steve Rubel, powerblogger (does anyone blog more than Steve? No one in my feed list does) complains about how newspapers offer only partial RSS feeds: for those of you not following this, an RSS feed is a bit like a newswire, a stream of stories as they are published, arriving in the subscribers inbox (or reader software, or customised homepage, or dynamic bookmark folder. A partial RSS feed is a bit like a newswire that only gives you the first few paragraphs of a story, requiring you to go to the newspaper’s homepage (in my newswire analogy, run into the next room to find the rest of the story on the the whole, scrolling ticker tape machine).

I agree with Steve, it’s dumb. Not a smart way to go. Where I don’t agree is when he reckons that newspapers as physical folds of paper will be dead in a decade:

Flash forward 10 years from today. We will look back and laugh how quaint it was that we received our news on dead trees. Yes, I am saying the word “newspaper” will be a misnomer. News will be delivered automatically each day, not by the paper boy, but via wirelessly enabled e-paper devices that are easy to read. All of it will be powered by RSS.

Steve is being a tad provocative here, although not as provocative as he would have been had he said it a few years ago. The conventional wisdom is that newspapers as a delivery mechanism is dead. To which I’d like to be equally provocative: let’s meet again in 10 years and see whether this is true. Yes, we know the younger generation aren’t reading newspapers. Yes, we know newspapers are in financial trouble. Yes, we know that newspapers are not an elegant delivery mechanism. Yes, we know that there are better ways of getting information to us. And we’re only beginning to scratch the surface of how better to represent news information. But we also know this:

  • people love great writing, and it’s rare to find it on blogs, where by definition writing is fast and, usually and unlike this post, brief;
  • people love great reading — as in, laying back with a coffee, sitting on a train, by the pool/sea/prison wall, reading something they enjoy. No technology has replaced paper for this, nor is it likely to. Yes, there are cool tools for e-paper, and these will have their uses, but they won’t replace paper.
  • people love good editors. Editors are not there just to put all the stories together. They’re there to decide what may make interesting reading, from commissioning articles to laying them out on the page and deciding a headline. When we buy a newspaper we’re paying in part for the editor’s choice of stories on the page. We’re effectively saying to the editor: You have a better idea of what is out there, and I trust you. Tell me. Inform me. Entertain me. (Today’s front page of one of my regular newspapers today had three great stories I would never have found had I just confined myself to my regular newsfeed: on reclassification of U.S. documents, on a failing Hong Kong plan for a cultural centre; on East Timor trying to avoid the pitfalls of an oil bonanza.)
  • people love to get their newspaper wet/dirty/crumpled/folded/annotated/left behind/eaten by the dog. A newspaper is a very flexible device, and it’s cheap enough so I don’t mind that I drop it in the bath. I’m not sure the Sony ePaper device is going to be as easy to dry off.

Paper
You can also hit people with it

Newspapers are in crisis. And they should be smarter about RSS, and understand their value is not in hot news, but in a perspective, a gathering of features, commentary and semi-hard news stories. We can laugh at their slowness — especially in covering things online, which for them is a bit like an adult trying to figure out what the hell is going on in the minds of their teenage offspring. But we should be really careful about writing off them, or their tried and trusted delivery mechanism, any time soon. See you in 10 years Steve, and let’s see who’s right.

The Limits to Anonymity in an Online News World

By | November 23, 2011
2 Comments

A good piece in The Washington Post about an anonymous young American hacker is coming under scrutiny (thanks, Techdirt) for possibly revealing, inadvertently, the location of the hacker. This may have been done by what is called metadata, or extra information, in the photograph that accompanied the article. The hacker’s face in the photo is only partially in view, but some individuals have studied the metadata which seems to identify the photograph as having been taken in small town in Oklahoma.

Using other information in the article, which gives a pretty complete description of the hacker — “tall and lanky, with hair that falls down to his eyebrows… lives with his folks in a small town in Middle America .. nearest businesses are a used-car lot, a gas station / convenience store and a strip club…” some other commenters have tried to narrow down his home even further. Armed with such apparent detail, has The Washington Post inadvertently blown the cover of someone who asked them not to?

Actually, it’s not yet clear. The author has made it clear he is aware of the comments, and, according to one article, said he doesn’t want to comment about speculation. Someone claiming to be the hacker in question says on a discussion on the Washington Post reporter’s blog, that his location according to the metadata is “way off from where i reside”, adding that according to the reporter “it was old metadata”. The picture itself has been withdrawn, raising another commenter on the same blog to ask: “If those photos had old metadata, then why were they removed from the WP article and from the WP servers? It’s suspicious at best, and looks like destruction of evidence and interference with an official investigation at worst.”

I don’t know enough about how these kind of fields are entered into cameras to be able to offer any useful comment on this. It would appear that the fields in question are from the International Press Telecommunications Council’s list of NewsCodes, which sets a standard of fields for news organisations for better retrieval and database compatibility. So should the fields be trustworthy? I assume unless the data is automatically generated — technical information such as device model, focal length, exposure time etc, or location data by a GPS unit linked to the camera, say — the metadata itself should not be relied on too heavily, in or outside court. If the data is entered into the camera manually by the photograher it’s hard to imagine that being done conscientiously with each location change; if it’s done when the photos are moved to a laptop or desktop, then perhaps it might be more reliable but still could hardly be considered firm evidence.

Whichever way around, it raises one or two interesting questions. If the data is accurate, what other news photographs might throw up interesting secrets if we looked hard enough? If the data wasn’t accurate, what does that tell us about the usefulness of NewsCodes and other such metadata?