20040731

Worst article ever?

OK, maybe this isn't the worst article ever written about computer security, but I think it comes pretty close. From the Guardian, a story about Computer 'spy' that could clean you out.

Here are some extended excerpts:

Spies sitting in your computer could be sending signals to international fraudsters determined to clean out your bank account or use your credit card.

"Spies" "sitting" in my "computer"? Puh-lease.

No one is safe - even the mighty Google computers collapsed on Monday in the face of concerted hacker attack.

Wrong, wrong, wrong. Google suffered some delays and minor outages as the side-effects of a worm that used search queries to mine for new email addresses to send itself to. This has nothing to do with the rest of this story.


And figures from the national crime squad estimate that computer-enabled financial fraud added up to £195m in 2003 - a figure that is set to grow fast.


I'd like to know if, in the 21st Century, there is any serious financial fraud that is not "computer-enabled". What is the figure for fraud against individuals using phishing and key-logging as opposed to, say, the figure for family members or friends stealing credit cards, or muggings?

Jobs & Money can reveal that fraudsters are now moving away from the simplistic "phishing" first seen late last year.

Phishing has a history of much more than a few months.


Phishing involves criminals attempting to confuse internet bank account holders into divulging user names and passwords by sending them a phony letter from their bank asking for these details to "help upgrade security."
If you comply with their instructions, they can then loot your account or use your plastic card.


Use my "plastic card"? Excuse me? How -- would I email it to them? I think what you are trying to say is that phishing scams attempt to get people to reveal their credit card details so that these can be used by the scammer.

The new menace - which has similarities to the "rogue dialler" scam highlighted in Jobs & Money recently - is called "keylogging," where a small item of computer code is sent to a user. This is usually via an email or attachment. Once this program is in the computer, it remains there until triggered by account holders logging on to a bank. Deats believes criminals have details of more than 1,000 financial institutions including all the major UK banks. The code transmits that you are online to the bank. But the real killer application is that it reads every keystroke you make, as you make it. This means it can replicate your user name and password for future use.

Aha -- so the real part of this story is to highlight the use of keyloggers to capture bank details. Why didn't you say so? Contrary to the implications here, keyloggers have been around for a very long time, and many financial institutions have taken (admittedly not very good) actions to prevent them being effective -- for example, getting you to enter some information from drop down menus rather than typing it in. Such schemes have been in effect for at least four years.

Also, you really don't know what the meaning of the term "killer application" is, do you?

These codes, sometimes known as backdoor trojans, first appeared in Brazil. More recently they have grown exponentially in the US, Australia and now the UK.

When you say 'Brazil', are you referring to the country, or the Terry Gilliam film? To talk about a phenomenon on the global internet as having a specific geographic location is somewhat silly. And "backdoor trojans" is a rather more general term than just keyloggers.

"Warnings and other actions on fake sites were effective. Now all they have to do is to entice you to an email.

Hmm, gosh, just opening an attachment in an email [in Microsoft Outlook] could cause unexpected consequences? I've never heard of that happening before. Oh wait, every dumb email virus for the last three years has done that.

They can be very clever so they will insinuate the executable keylogging code through an email offering information on storms in hurricane zones or about football if you show an interest in sport," Deats says.

Because the computer knows that you like football. And who can resist hurricane information? I know I can't.

Computer experts say they have not yet seen a keylogging trojan that insinuates itself in a system without an opened attachment but believe someone is working on this at the moment.

Computer experts have not yet seen a computer program that is as intelligent as a human being and can carry out complex conversations about the weather and what's on TV, but believe someone is working on this at the moment.

Actually, I shouldn't mock this all that much, becuase the whole Wintel environment is sufficiently insecure that infection without running an attachment seems quite plausible.

Fraudsters have also been helped by the growth of broadband. "Many users keep their machines online all the time - that's the big advantage. But they forget that the longer they are online, the longer they are at risk," Deats says.

Wait a minute, you were talking about email attachments. Are you suggesting that if I leave my machine on longer I will get more email? No. You are confusing email with other attacks on networked machines.

The criminals use different tactics. Some steal your details and may keep them for weeks so that even if you suspected something, you will see no action for a time.

And what difference would it make if I suspected something?

The banks are also fighting back with better software. Lloyds TSB's online users have to prove who they are by answering questions by moving their mouse - mouse moves are not yet picked up by backdoor trojans.

That's not the point: mouse motion could be easily tracked, but unless that could be linked to screen location and what was there, then not much could be done about it.

In conclusion, it is important to understand the real dangers of fraud through online banking systems, but stupid, incorrect and badly researched scare stories like this. Here is some simple advice that will help a lot:

Don't use microsoft email or web browsing software.

Don't open attachments or HTML that is sent masquerading as email.

Don't be an idiot.

Alternatively, do be an idiot and do all these things. Since I don't, then you will get your money stolen and keep the fraudsters busy, while I will be safe from their attentions while their are plenty of idiots like you to be fleeced.

20040729

Criminal Incompetence

Why is it, I wonder, that everyone that I encounter in administrative or related jobs displays a level of incompetence, stupidity, or mindlessness that verges on the moronic? Take for example, the editorial staff at a top journal, who invited me to submit a paper there. The deadline for submission was a month ago, and so I sttruggled to prepare my thoughts, add the requisite 30% novel material, and such like, in order to meet this deadline.

Yesterday, just over one month since meeting this deadline, an editorial assistant emailed to say that the paper was over their page limits, and I would have to resubmit.

So that's one month to open the file, look at the number of pages, and compare this to the page limit. That's effciency for you.

"But wait", you are surely thinking, "don't you bear some responsibility for not observing the stated page limits. In fact, isn't this outburst just you redirecting your anger at yourself for not getting this right."

Well... no.

The page limits for the journal are "14 pages in the journal style: 10pt, 2 column". They also invite you to submit in single column, double space, with about 26 lines per page. They mention that in this format, 25 pages are acceptable.

Now, anyone who has ever had any experience with typesetting will know that 14 pages in 2 column format translates to a very large number of pages when you knock up the font size and the line spacing. So when I sent my submission, which was several pages above the 25 page double spaced limit, I knew for sure that it would be much smaller when put in the final format. But, as a reviewer, I know that I appreciate a nicely spaced out review comment on which to scribble comments.

This morning, I spent some time messing around to put the submission into 2 column format. This requires some amount of effort in getting the line breaking for formulae not to spill over, and otherwise make it look OK. This is mostly wasted effort, since when it finally gets printed in a journal, it gets transferred into some bizarre internal format [for no obvious reason]. It came to 13 pages, without cutting or squeezing anything. I sent that back, and expect to hear from them again in a month with some other idiotic quibble.

Second (yes, there's more), I called up my favourite useless, thieving, cheating lying airline: Aerolinea Argentina. Regular readers will remember that they stole lost my bags some months ago. A couple of months back, I sent off a reimbursement claim, and naturally heard nothing from them. Today I called them up to hurry them along (since nothing happens if you don't call people a dozen times). In my original claim I sent a list of missing items. The nice lady on the phone told me that I need to fax to her the same list but handwritten. Handwritten? WTF? But why is it that I have to call them to get this stupid (and not previously mentioned) instruction from them? Are they being serious, or is this just some game that they play with their customers to wind them up and wear them down? I should just sue the buggers, but that's far too difficult.

20040728

Doh! Nuts!

One for the NTK fraternity, I'm afraid (too lazy to send it in, so can someone else?). From Wednesday's Guardian:

20040725

The Gallery

Time for some screenshots that I've been saving up for a while, and might as well get rid of now. First, what's on TV tonight:



Hmm, one for the MD5 geeks out there, I suppose.

Next, proof -- if proof were needed -- that Excel is somewhat of a crappy program:



Can't have two files with the same file name open at the same time? That sounds like bad programming...

Lastly, a cry for help. Do you have friends who have fancying McIntosh computers? You know, the ones that come in pretty colours? Well, you may have noticed that many of these have a nice fancy screensaver that shows their digital photographs and smoothly transitions between them. What I want is one of those but for a PC. It has to be freeware/shareware with no nags (because I'm cheap). Any suggestions?

[Edit: OK, so in fact the most convenient solution seems to be the "My Pictures Slideshow" screensaver built into WinXP. Which is a start, except, I can't specify other directories, remove the more vile transition effects, or otherwise configure the slideshow to the extent that I would like. It's the straw man that others will be judged against, though]

Summit Happening

After a lot of thought, and careful planning around the location of various vital services (work, groceries, direct train lines to new york), I've settled on where it is I want to live from the end of next month. All I have to do now is to find somewhere to live there that isn't too exorbitantly expensive. More and or less if I actually manage to get people to find such a place for me.

20040722

"Pick up the gun"

Now we can at last be sure that Iraq posesses weapons of mass destruction. How? Because we will sell them to them.

20040720

John Doh!

I ought to be getting up and doing some work. But instead I seem to be sitting here about to nitpick problems with a 2 year old cancelled TV show.

"John Doe" is a moderately amusing detective show. Since every modern TV detective show needs a gimmick, the gimmick here is that John Doe the anonymous eponymous protagonist knows everything. That's right, everything -- and is able to use this knowledge to solve impossible crimes.

Problem is, the actor playing Doe isn't quite so smart. Take this snatch of dialogue where Doe is using his knowledge of probability theory to win large in a casino:

"The statistical probability the equation of n equals log one dash dc over log one dash dp I'd say the chances you pull a four are 93.3%"

Do you see what went wrong here?

20040719

"It's not right and it's not fair"

Bush is making Democrat blocking of presidential judicial nominees a campaign issue.  Now hear the trying hard to be non-partisan NPR categorically take this argument apart.
 
Of course, judges should not be political appointees, since they are supposed to be impartial interpreters of the law, but we can't have everything we want.



Land of the Free?

For a nation that proclaims itself the land of the free, there are a variety of standards within the USA when it comes to those old favourites, sex and drugs (they're working on rock and roll). While law at the federal level focuses on persecuting based on claimed connections to "terror", the states are happily going their own way to impinge on the freedoms of others for the strangest of things.

Consider the following two case studies:
couple arrested for selling sex toys.
Tommy Chong serves 9 months for selling glassware

That's right: these people were arrested, and imprisoned, not for selling drugs, not for selling sex or even pornography, but for moulded pieces of plastic and glass. And there's a lot of this going on. While the attention is distracted with wars, explosions and politics , freedoms are gently and quietly being removed. Ask yourself, how long before what you do is found to be in violation of some law or other?

20040717

"Please listen carefully"

One question: why do all telephone based automated menu systems change themselves constantly. In other words, why is it always "our options have changed"? What is the inherent instability in telephone touch-tone based dialling systems? Or is this just a scam with the telephone company in order to keep us on the line longer while brainwashing us with noveau cliches:

"Please listen carefully, as our options have changed. Your call may be recorded for training purposes. Please hold, because all operators are currently dealing with other customers. Your call is very important to us."

On the other hand, don't get me started on these new 'voice activated' systems, which are incredibly unresponsive. If you want to subject yourself to intense annoyance, may I suggest Virgin Mobile USA, whose "virtual advisor", Amber, is possibly the most irritating false person I have ever encountered. Call 1-888-322-1122 from the USA to enjoy the pleasure of her company as she does her best to prevent you from speaking to a real person who might just be able to help you with your problem.

If you had one shot, one opportunity...

...would you capture it or just let it slip?

Imagine yourself to be a radio DJ, with a waning reputation for being a bit of a firebrand, a bit of a wildcard. The self-styled "saviour of British radio". And, for reasons too banal to go in to, you find yourself at Chequers to promote "Sports Relief" with the Prime Minister of Great Britain, Tony Charles Lynton Blair. After a little knockabout fun, in the middle of which you both jog a mile as part of the campaign, you are wrapping up the interview, and have the chance to ask any question you like. Which of the following questions would you ask?

(a) "Mr Blair, a lot of our listeners are young people, and many of them are in the armed forces, or have friends and family who are. Their lives are being put in danger in Iraq on a daily basis; yet, no weapons of mass destruction have been found, nor is their any credible evidence that Iraq was a threat to the UK. What do you say to those who have lost loved ones in the conflict: what has their loss and suffering achieved?"

(b) "Prime Minister, a lot of our listeners are young people, many of whom will be voting for the first time in the elections in 2005 or 2006. What would you highlight as the achievements of your government over the past seven years, and how would you encourage them to cast their votes?"

(c) "So Tony, a lot of our listeners are young people, and they'd all like to know: what's your favourite cheese?"

To find out which question got asked, listen to the second interview here. [about 6minutes into the clip].

A level of journalism that makes asking Tim Westwood "are you aware that you are white?" look like Paxmanian interviewing. Well, it was a pertinant question in that case.

20040715

How peculiar...

Some non-ironic use of the phrase
"valley of our souls" which by the second page of results has become entirely smut-filled.

20040712

This is a stick-up!

An Ivy League professor writes,

"Could you email me all your lolly stick jokes in one convenient file?"

In a word, no. Do you think that I really have nothing better to do than to save all the archives of this non-blog thing to disk, boot up cygwin and grep through the HTML for all occurrences of the word 'lolly', and then tidy up the results? I might just as well spend my time downloading random episodes of Monty Python's Flying Circus in order to identify snatches of rousing anythems.

On a completely unconnected note, here for your delectation and irritation is a collected list of all the lolly stick jokes that I've picked up over the years. Note that these are all genuined jokes, that came from lollys (lollies? red lolly, yellow lolly?) that I purchased and ate from my local Shtop&Shop. And if you don't believe me, I have the evidence right here on my keyboard -- look:

  • If a gown is evening wear, what is a suit of armour? Silverware.
  • Why did the annoying exterminator lose his job? He bugged his boss.
  • Why was the book in the hospital? Because it hurt its spine.
  • Why did the book join the Police? So he could work undercover.
  • When is a fin not a fin? When it's a dol-phin.
  • Why did the boy stare at the automobile's radio? He wanted to watch a car-tune.
  • What were the two talkative computers doing? They were having a disc-cussion
  • What did the girl melon say when the boy melon proposed? We're too young, we canteloupe.
  • Why did the bird go to the theatre? So it could wait in the wings.
  • When do you have feet on your face? When they're crow's feet.
  • When is a theatre clumsy? When the curtain falls.
  • Where should you put your TV? In a remote area
  • What can of dog can jump higher than a house? A house can't jump.
  • What kind of horse never wins a race? A sawhorse.
  • How to billboards talk? Sign Language
  • What did the lawyer call her daughter? Sue.
  • What kind of phone does a turtle have? A shell-ular phone

20040711

Relative Values

Only just noticed the following:

Price of 1.5L bottle of Sprite = $1.09
Price of 1.89L bottle of milk = $2.19

What kind of country has values like this?

Thinks: what is the equivalent cost in the UK?
1.29GBP for 2 litres of Sprite
30p/pint for milk -- so about 1 pound for 2 litres of milk.

Hmm. Not quite so bad.

Lolly stick joke: What did the lawyer name her daughter?
Sue.

Rotten.


[Edit] I guess I shouldn't try to post lolly stick jokes from memory, as I go and repost an old one. Here's the one I should have posted:

What kind of phone does a turtle have?
A shell-ular phone

Awful.

Thanks to the non-fathers against injustice campaign for pointing that out.

20040710

Clean, clean, clean

Cleaning is so difficult. Who would have expected that one house could have such a large total surface area? The worst part is the vacuuming: first you vacuum the floor with the big vacuum; then you empty the accumulated dust into the bin, and express shock that there could be quite such a large volume of skin cells and hair lying about the place (since you also emptied it just before embarking); then you use the small vacuum to clean up around the bin to get the dust that fell out while you were emptying the large vacuum; then you take out the bin bag because it's now full of rubbish; then you take the bin to the bathroom and wash the bin because it smells and has old bits of food lying around the bottom of it; and then you have to wash the bath; finally, in a bit, I'll fill the bath with hot water and wash myself. It's all very self-referential and infinite regress-y, like one of those InfiniteCat.com/Fark NewYorkPost memes that spirally around the internet at the moment.

Perverts, the lot of you

Can't help worrying about the class of people I get around here. Here's a pick of the best search queries coming my way out of the last dozen or so, and see if you can spot a trend:

miss piggy breast
hen party hidden camera
"shrek sex"
dervla kerwin
george formby wanker
DERVLA KERWIN
"fiona nude" shrek
dervla kerwin

I suggest you all seek professional advice. I know I would.

Xenophobes (anag)

Just watched "Phone Booth", a cheap thriller that came out last year without too much fanfare. Much to my surprise, it's really good. It has many points in its favour, including the fact that it's nice and short (1 hour and a quarter, before the credits); it spins out much like a play -- would work really nicely as a one scene play; and a DJ Shadow Song on the end credits. Colin Farell sweats vey effectively through the whole thing. The only down point is Keifer Sutherland, who just phones in his performance.

20040707

Oh Doctor, I'm in trouble...

Good to see that the Doctor is still travelling through time, at least according to Amazon...

20040705

Long whinge post lost to posterity; you didn't miss much.

Long whinge post about SODA and ICDE deadlines, and their relative placement around US National holidays has been accidentally deleted by virtue of closing a window that shouldn't have been; don't worry, you didn't miss anything special. Instead, I'll just pick up with the whinge about the disappointment that was MacGyver: Trail to Doomsday. While the other Straight-To-TV MacGyver movie from the same year, the previous Movie of the Week "MacGyver and the Treasure of Atlantis", was a chirpy, riproaring Boy's Own style caper, Trail To Doomsday is, well, just a dark, miserable mess. The plot doesn't really make any sense, there are too many characters who don't make any impression, there are several jumps that are incoherent, but still the plot twists are obvious from a mile off. There isn't much scope for MacG's famous swiss-army-knife style innovation (appart from disarming a nuclear device with a conveniently placed tennis racket:



), and he even breaks his cardinal rule by firing a gun. Admittedly, he fires it over a bad guy's head, but that's not the point. This movie, like Atlantis, was filmed mostly in England (presumably the two were made as adouble header), but this time it is actually set there, although it doesn't really benefit from it. One exception: a cute chase scene where the mostly wasted Alun Armstrong looks for MacG in a mocked up Kensington tube station, and MacGyver finds a clever place to hide on the platform:



Lastly, interesting to note that MacGyver's love interest was played by Beatie Edney, who only one year later was one of the leads in Dressing for Breakfast, which I categorically don't remember. While, the innocent child in the middle of all of this was played by Lena Headey, who I happened to see again on Saturday in The Parole Officer. It's all connected, you see. TPO, by the way, is quite passable, entirely what you'd expect, and only mildly amusing, which is a shame. It's a good thing that Henry Normal was on scriptwriting duties though, because it means that he was able to slip in one or two beautiful lines that probably escaped most people's notice. Paraphrasing dramatically: "I'm going to give you a blank piece of paper. You can either wipe your arse with it, or write yourself a new future" "I'm prepared to get my hands dirty for you." Class.

I may or may not remember to update you on two untelevised pilots later, if I can be bothered.