Nightmare on Spyware Street

By | November 22, 2011
5 Comments

A case in Connecticut has exposed the legal dangers of not protecting your computer against spyware, as well as our vulnerability at the hands of incompetent law-enforcement officers.

Teacher Julie Amero found herself in a nightmare after spyware on her school computer popped up pornographic images in front of students. Instead of realising this was spyware at work, the state accused her of putting them there and forcing her pupils to watch.

In June of 2007, Judge Hillary B. Strackbein tossed out Amero’s conviction on charges that she intentionally caused a stream of “pop-up” pornography on the computer in her classroom and allowed students to view it. Confronted with evidence compiled by forensic computer experts, Strackbein ordered a new trial, saying the conviction was based on “erroneous” and “false information.”

But since that dramatic reversal, local officials, police and state prosecutors were unwilling to admit that a mistake may have been made — even after computer experts from around the country demonstrated that Amero’s computer had been infected by “spyware.”

It seems the nightmare may be coming to an end, but not without a price. She’s had to admit to one misdemeanour charge and surrender her teaching licence. She’s also been hospitalized for stress and heart problems.

The lesson? This was a school computer, and it seems the school failed to install the necessary updates and protection to prevent the spyware from loading itself. That’s probably something Amero should be exploring with her lawyers.

But there’s a bigger issue. We need, as individuals, to take more reponsibility for the computers we use—to learn the basics of protecting them from attacks, and to be able to at least identify what the problem is when something like this happens. It may have taken a techie guy to clean the computer in this case (I admit spyware is really hard to get rid of) but knowing, roughly, what the problem is should be the bare minimum of our working knowledge of the computers we use.

Connecticut drops felony charges against Julie Amero, four years after her arrest – Rick Green | CT Confidential

Puppy Love, Army Trojans and Perfecting the Phone Call

By | November 22, 2011
0 Comment

I make an appearance on the excellent Breakfast Club show on Radio Australia each Friday at about 01:15 GMT and some listeners have asked me post links to the stuff I talk about, so here they are.

Love on the net

Teenage social networking isn’t so bad, according to the MacArthur Foundation. According to the lead researcher on the project, called the Digital Youth Project, “their participation is giving them the technological skills and literacy they need to succeed in the contemporary world. They’re learning how to get along with others, how to manage a public identity, how to create a home page.”

The study, part of a $50 million project on digital and media learning, used several teams of researchers to interview more than 800 young people and their parents and to observe teenagers online for more than 5,000 hours.

The bit I like in the NYT report is the shameless flirting that goes on, cleverly disguised:

First, the girl posted a message saying, “hey … hm. wut to say? iono lol/well I left you a comment … u sud feel SPECIAL haha.” A day later, the boy replied, “hello there … umm I don’t know what to say, but at least I wrote something …”

U.S. Military Under Attack

Spooked by the rapid spread of a worm called Agent.btz, the U.S. military has banned everything from external hard drives to “floppy disks.”

USBs are a problem: Lenovo this week offered a software package to XP users with a Trojan dropper called Meredrop, found in one of the drivers.

And Telstra earlier this year handed out USB drives at a security conference that were infected with malware.

Could it be China?  The conclusions reached in this year’s US-China Economic and Security Review are far more dramatic than before. In 2007, it says, about 5m computers in the US were the targets of 43,880 incidents of malicious activity — a rise of almost a third on the previous year.

Much of the activity is likely to emanate from groups of hackers, but the lines between private espionage and government-sponsored operations are blurred. Some 250 hacker groups are tolerated, and may even be encouraged, by Beijing to invade computer networks. Individual hackers are also being trained in cyber operations at Chinese military bases.

 

How to Make the Perfect Phone Call

According to the UK Post Office, the perfect phone call should last nine minutes, 36 seconds and contain a mix of chat about family news, current affairs, personal problems and the weather.

Three minutes of that should be spent catching up with news about family and friends, one minute on personal problems, a minute on work/school, 42 seconds on current affairs and 24 seconds on the weather. Chat about the opposite sex should last 24 seconds. 12 seconds of every call should be set aside for a little quiet contemplation.

One in five people said they spent most time on the phone to their mother. The research, by the Post Office, revealed that the phrase “I’ll get your mother” is common. Only three per cent of people named their father as the person they spent most time on the phone with.

Susan042764

“Please help!,” she writes. “I took my husband’s iPhone and found a raunchy picture of him attached to an email to a woman in his sent email file. When I approached him about this, he admitted that he took the picture, but says that he never sent it to anyone.

“He claims that he went to the Genius Bar at the local Apple store and they told him it is an iPhone glitch – that photos sometimes automatically attach themselves to an email address and appear in the sent folder, even though no email was ever sent.

“Has anyone ever heard of this happening?,” she asks. “The future of my marriage depends on this answer!” Read more here.

Think Hard Before You Get Linked In

By | November 22, 2011
12 Comments

I’ve been trying to remove a contact on LinkedIn who proudly claims to be one of the best linked people on the planet. Why that’s a good thing I’m not sure, but I noticed I was getting LinkedIn spam—spam to my own email address, but coming via LinkedIn–from this person, so I tried to remove him

Turns out that it wasn’t enough. This morning I got an email from another guy claiming to be the best connected person on the planet (“(he is one of the most linked people in the world”) who said I had been referred to him by none other than the LinkedIn spammer guy I thought I’d removed eight months ago. He wrote:

If so, then please accept my connection request. Since I presently have over 8,900 first tier connections, I cannot send an invitation to you because I have exceeded my limit. Therefore, to connect with me and to benefit from the millions of total connections that I have, click here: [LINK DELETED] and enter my email address [EMAIL DELETED].

So what gives? How come someone I removed from my LinkedIn network is able to refer me to someone else who has somehow been able to get my email address despite not being my buddy, nor connected to a buddy of mine? I’m asking LinkedIn about this, but I also wanted to know what happened to the original spammer I’d deleted. Was he still in my system?

Turns out he is.

Removing a connection in LinkedIn is not, it turns out, the same as removing a contact. It seems to work like this (and I might be wrong, because the explanations on LinkedIn are contradictory.)

The FAQ says you remove a connection via the Remove Connections link:

image

which takes you to a separate list:

image

What you’ll notice about this list is that, unlike your Connections list, it’s not alphabetical. Well it is, in that you can jump straight to a letter (M, say) but within that list the contacts are not in sub-alphabetical order. A cynic would say this is an extra deterrent to connection-pruning, but I’m not a cynic so I won’t say that.

But you might notice this:

image

Huh? Good that the connection won’t be notified that they’ve fallen off your Christmas card list, but how come they’ll still be on my list of contacts? And  how does it square with this other note, on the same page, that says:

Note that once this action is completed this individual will not be able to be added back as a connection.

So the person you’ve gone to all this trouble to remove will still be in your contact list—no way that I can see of removing them from there—but you can’t change your mind and then re-add them back as connection. You can, however, re-invite them, and, indeed, they will remain in your contact list as a constant reminder.

(Just out of interest, how do you re-invite someone to be a connection who didn’t know you’d banished them before? How do you explain that, exactly? “Sorry, I hated you before, but now I don’t hate you anymore?” Could be a good lyric in there.)

Confused? So am I? But here’s the kicker: Does the fact that he’s still in my contacts, and that he’s out there, apparently, recommending me to other LinkedIn spammers, mean I’m still in the LinkedIn spammer’s list of connections?

I suspect it does, because he’s still in my list of connections (but not in my Remove Connections list, if you’re still with me) and he’s still listed as 1st in my list of connections—meaning we still have a connection.

In other words, unless this is a glitch, it is impossible to remove a connection from LinkedIn once you’ve established one.

I’m going to ask LinkedIn to shed light on this. But if it’s true, it should give you pause for thought before you accept a connection via the otherwise useful service. It’s one thing to build one’s network. It’s another to find you have no control over that network—and who in that network might use the information you put there—once it’s built.

The Lost World of Yahoo

By | November 22, 2011
2 Comments

This piece was written for a commentary on the BBC World Service Business Daily about Jerry Yang’s decision to resign as CEO.

Back in the early days of the World Wide Web there was really only one name. Yahoo. You could tell it was big because it was what you’d type in your browser to see if your computer was connected to the Internet.

Without fail: Yahoo.com. It’s been around since 1994, since Jerry Yang and David Filo, two grad students at Stanford, built a list of interesting websites, a sort of yellow pages for the Internet. They called it, first, Jerry’s Guide to the World Wide Web, and then Yahoo. By the end of 1994 it had a million hits. By 1996 it had gone public.

And, I reckon, it’s been slightly lost ever since.

Not that you’d know that from the figures. It’s the most popular website in the world. Nearly half that traffic is actually email, according to Alexa, a website that tracks this kind of thing. Nearly everyone on the planet, it seems, has a Yahoo email address.

But there’s also other stuff: search, news, auctions, finance, groups, chat, games, movies, sports. And Yahoo has been pretty consistent for the 14 years of its life: If you look at its homepage, the place where you’d land if you typed in yahoo.com, it wouldn’t look that different in 1995 to what it looked like in 2005. The familiar red Yahoo logo at the top of the page, a little search box, and then some links to directories.

But since then things have got more complicated. The guys at Google made a better search engine, so much so that their name has become a verb, a shorthand way of saying “look up something or someone on the Internet.”

That kind of left Yahoo behind. So far, I’ve not heard Yahoo used as a verb, or a noun, at least in a positive way. And Google also figured out how to make money from it, which stole another bit of Yahoo’s thunder.

But it hasn’t stopped there. Internet speeds have got faster. We’re now connected most of the time, via computer or cellphone. Upstart bloggers have toppled big media conglomerates. So now all the big players—Microsoft, Google, Yahoo—are not quite sure what they are: Media companies? Advertising companies? Software services company? A mix of all three?

So it’s no surprise that Jerry Yang has been unable to articulate what, exactly Yahoo itself is. If you’re not sure what your company is, never mind that you founded it, you shouldn’t be sitting in the CEO’s chair.

The truth is that there are two Yahoos. Ask an ordinary user and they’ll know about Yahoo. The email program. The instant messenger. The news portal. To millions of people Yahoo is comfortable and familiar.

Ask a geek and they’ll talk about another Yahoo: all the cool stuff the company engineers are doing. Pipes, which lets you mash data together in interesting ways. Fireeagle, that blends together information about where you are. And there’s the stuff they’ve bought that most people don’t even realise belongs to Yahoo: delicious bookmarks, for example, or Flickr photos.

People may be down on Yahoo right now, and the share price isn’t pretty. But it’s still a big brand, known around the world. And, despite their frustrations, beloved by many geeks.

One day someone will come along and find a way to package all this stuff together, or sell bits of it off. Then Jerry’s Guide to the World Wide Web will find its way again. It just doesn’t look like that person is going to be Jerry himself.

Pig Gelatin Proves Oswald Acted Alone

By | November 22, 2011
1 Comment

image

Advances in technology—specifically, in blood spatter analysis and crash test dummies—have been harnessed to prove that it was, in fact, Lee Harvey Oswald who killed JFK.

Blood spatter analysis has, apparently, been around for a while, but only recently has it gotten good enough to know what the spatter actually means. (More here, if you need to know and don’t mind pictures of spatter.)

Reconstructing the scene for a documentary by the Discovery Channel also involved another key piece of technology: the lifelike dummy. Technically they’re called ‘artificial surrogates’ and they’re made by an Australian company called Adelaide T&E Systems (motto: “engineering the world’s most biofidelic test platforms.” Biofidelic is a fancy word for lifelike.)

The Frangible Ballistic Heads (a great name for a band) are made from three different materials which simulate the brain, skull and external soft tissue (skin), which goes to make the spatter more lifelike. (The brain is made from gelatin made from pig skin and then dyed green, in case you’re trying your own Grassy Knoll reconstruction at home.)

The head was custom-fitted, based on JFK’s hat size. It was then attached to the company’s Hybrid III neck (“for improved response,” according to the website.) This is then attached to the company’s latest product, the Human Thoracic Surrogate, which can be fitted with “loadcells, accelerometers and pressure gauges to facilitate injury scoring,” according to Wesley Fisk, a partner at A&E.

They then brought in a bunch of scientists who did not know that they were investigating JFK, although the mock-up of the Dallas, Texas crime scene, complete with depository, grassy knoll (using real grass), etc, might have offered a clue. They were impressed by the Frangible Ballistic Heads. “The heads they used were quite interesting,” said one of the experts. “They were considerably more sophisticated than anything I’ve seen before.”

After the fake Oswald shot the fake JFK, they were asked to look at the spatter of all the green-dyed pig-gelatin. Turns out the the key was the lack of back-spatter—the stuff that goes the opposite way you’d expect if you’d just shot someone in the head:

The general lack of back spatter and the preponderance of spatter in another direction are two of the clues, among others, that the investigators used to pinpoint the origin of the shots.

Conclusion: just one shooter.

PS: The program hasn’t aired yet, but already it’s being called ‘baloney.’ Unsurprisingly.

Illustration: T&E Systems