Going phishing

From today’s Guardian:

As scams go, the email was hardly sophisticated. “Hello dear client Barclays Bank,” it warned recipients. “Today our system of safety at night has been cracked!!! It not a joke!!! It is the truth!!! We ask you, in order to prevent problems, to repeat registration of your data. Make it very quickly! Administration Barclays Bank.”

But new research reveals the scale of a fraud which has already cost British banks hundreds of thousands of pounds after customers have been fooled by these apparently crude messages into divulging their online banking passwords to organised criminals.

The survey by the email security consultants MessageLabs will make grim reading for the online banking industry, which now boasts 11 million users. The scams, which first hit Britain last August, may range from the inept to the highly complex but they are starting to hurt.

“Phishing scams are pretty sophisticated, it’s high level social engineering,” said Mark Sunner, chief technical officer at MessageLabs. “They must be working because we are seeing so much of it. All the major banks are saying it’s a problem. Initially they were worried about loss of reputation, now it’s loss of money.”

We need psychiatrists here, folks. For this kind of ‘social engineering’ (nice Orwellian phrase, that) to work, people have to be extraordinarily stupid. Yet they are. That’s also why virus writers increasingly rely on gullible users to open rogue attachments as a way of disseminating malicious code. Why do people fall for this?

Moreover… I first came across the term ‘social engineering’ in Karl Popper’s writings — especially The Open Society and its Enemies. He was attacking ideologies requiring wholesale political reconstruction of society (what he called “utopian social engineering”) because they led inevitably to tyranny and totalitarianism. An open society, in contrast, would be based on step-by-step reform (“piecemeal social engineering”), in which every step could be critically examined and corrected. Seems such a far cry from phishing expeditions.

Bluetooth, schmootooth

I once had a Bluetooth phone — a Sony-Ericsson T68i which I got because my geek friends told me it was the only one that worked with Mac OSX.

Well, it kind-of worked, but was fantastically erratic and unreliable. T-mobile replaced the phone twice, but it got to the point where I couldn’t ever depend on it. And if your mobile is your main phone (as mine is) then that’s just not on. So one day last January I dumped it and went out and bought a cheapo, no-frills Nokia which has worked faultlessly ever since.

My main complaint was with the manufacturer, not the technology. Bluetooth seemed to me to be a good idea in principle. It meant, for example, that I could use the phone (when it worked) to drive presentations on my laptop. And I hate wires, so anything that reduced wiring seemed, a priori, to be A Good Thing.

That was before Adam Laurie went to work on it. He’s the Chief Security Officer at a British company, AL Digital. “Before we deploy any new technology for clients or our own staff”, he told C-Net, “one of my duties is to investigate that technology and ensure it is secure–actually rolling your sleeves up and looking at it, not just taking the manufacturers’ claims at face value. When I did that, I found that it is not secure,” he said.

Laurie found that phones are vulnerable to “bluesnarfing,” in which an attacker exploits a flaw to read, modify and copy a phone’s address book and calendar without leaving any trace of the intrusion. The flaw affects a number of Sony Ericsson, Ericsson and Nokia handsets (including my benighted T68i), but some models–including a handful of Nokia phones–are at greater risk because they invite attack even when in “invisible mode” — i.e. when they are supposed not to be broadcasting their presence. For the grisly details, see the web page he has prepared.

On Wednesday last (April 14) the London Times carried an interesting article by Steve Boggan, who went out on the streets with Adam Laurie and found that Bluesnarfing was indeed as easy as Laurie had claimed. It was also intriguing to see the differences between the two main companies affected. Sony-Ericsson put up a feeble spokesbot who first tried to downplay the problem. Nokia, in contrast, were more forthcoming. When quizzed by C-Net, they acknowledged that some of their phones were vulnerable, but claimed that an attack was only possible if the Bluetooth was in ‘visible’ mode. (Wrong, according to Laurie, for some models.) The Nokia spokesman also volunteered some extraordinary news:

If an attacker had physical access to a 7650 model, a bluesnarf attack would not only be possible, but it would also allow the attacker’s Bluetooth device to “read the data on the attacked device and also send SMS messages and browse the Web via it.”

What does all this mean? Well, it’s worrying, simply because mobile phones are becoming the repository for increasing amounts of personal data. If they are not secure, then there is massive scope for mischief. And the riposte that “one can always switch Bluetooth off” is not as reassuring today as it was a few months ago. The UK law which makes it a criminal offence to use a handheld mobile while driving has led to a massive increase in the use of Bluetooth headsets — which of course require that Bluetooth be switched on!

Photoshopping

If all else fails, incompetent photography can be rescued by Adobe. This picture of the view from the top of the Conor Pass comes from a photograph which didn’t hack it as a straight pic (it was too anaemic, somehow). I expect I didn’t think hard enough about exposure times in the freezing wind up there. But running through a Photoshop filter has made it look more interesting. That beach you can see in the distance is a great place for junior surfers BTW — as the kids will testify.

Postcard humour

The kids and I went to Dingle for the day (we were in Kerry for a short Easter break). Walking down a side-street we saw this:

One of the boys said “That’s a postcard shot, Dad!”. A few minutes later we looked in a shop selling postcards, and sure enough, there was a photograph of a small white dog waiting patiently for his owner. The only difference was that the mutt was outside a pub!

Why mobile phones are annoying

Andrew Monk and colleagues from the University of York have performed a study to assess why it’s so annoying when other people have cellphone conversations in public.

“The researchers staged one-minute conversations in front of unsuspecting commuters who were either riding a train or waiting for a bus. In half the cases, two actors conversed face-to-face while seated next to a potential test participant. In the other half, a single actor talked on a mobile phone while seated next to a potential participant.

Furthermore, the actors conducted half of the conversations at a normal loudness level, whereas the other half were exaggeratedly loud (as measured on a volume meter). The actual content and duration of the conversations were the same in all conditions.

After each test conversation, researchers approached the bystanders and asked them to complete a small survey about the conversation. In other words, while the conversation was taking place, the participants didn’t know that they were part of an experiment, but rather assumed that the conversation was the normal behavior of one or two other commuters.”

[Summary of results from Jakob Nielsen’s newsletter.]

At last, something to do when you’re stuck on the M25

Log onto the Net using WiFi and do your email. How? Well, according to this report,

“The U.K. government is planning to upgrade its roadside telematics system with a wireless network designed to blanket the country with low-cost wireless Internet access.

At this week’s Wireless LAN Event here, a small Exeter-based company called Last Mile Communications (a trading name of five-year-old TIVIS Ltd.) launched the patented technology the government is eyeing for its massive roadside infrastructure upgrade. Under Last Mile’s scheme, contractors would install about 150,000 inexpensive wireless broadband transceivers in such equipment as street lights and traffic lights, which will run off available power or even solar energy.

These units will self-configure into a network capable of passing signals from one node to another until it reaches an Internet uplink, a technique known as multi-hop or mesh networking. Anyone within about 250 meters (about 820 feet) of a node will be able to access a wireless connection of 40M bps to 400M bps, although the connection will probably initially be made using standards such as Wi-Fi or WiMax, which are considerably slower. A typical consumer broadband connection runs at about half a megabit per second.

The network is designed to connect to the broader Internet via any sort of uplink, including a standard T1 line or satellite broadband connection, the company said.

If Last Mile’s scheme is successful, it would make wireless dramatically more prevalent than it is now, with Wi-Fi hot spots currently limited to places such as airports, coffee shops and convention centers. It could also be a solution to the problems carriers have faced in bringing high-speed Internet access to remote areas that aren’t serviced by cable broadband or DSL.”

“Those who would forget history…

… are condemned to repeat it”. Can’t remember who said that, but I was reminded of it when reading a terrific column by Niall Ferguson in today’s Sunday Telegraph [NB: free registration required.] Here’s an excerpt:

“There was amazement last year when I pointed out in the journal Foreign Affairs that in 1917 a British general had occupied Baghdad and proclaimed: ‘Our armies do not come into your cities and lands as conquerors or enemies, but as liberators.’ By the same token, scarcely any American outside university history departments is aware that within just a few months of the formal British takeover of Iraq, there was a full-scale anti-British revolt.

What happened in Iraq last week so closely resembles the events of 1920 that only a historical ignoramus could be surprised. It began in May, just after the announcement that Iraq would henceforth be a League of Nations “mandate” under British trusteeship. (Nota bene, if you think a handover to the UN would solve everything.) Anti-British demonstrations began in Baghdad mosques, spread to the Shi’ite holy centre of Karbala, swept on through Rumaytha and Samawa – where British forces were besieged – and reached as far as Kirkuk.

Contrary to British expectations, Sunnis, Shi’ites and even Kurds acted together. Stories abounded of mutilated British bodies. By August the situation was so desperate that the British commander appealed to London for poison gas bombs or shells (though these turned out not to be available). By the time order had been restored in December – with a combination of aerial bombardment and punitive village-burning expeditions – British forces had sustained over 2,000 casualties and the financial cost of the operation was being denounced in Parliament. In the aftermath of the revolt, the British were forced to accelerate the transfer of power to a nominally independent Iraqi government, albeit one modelled on their own form of constitutional monarchy.

I am willing to bet that not one senior military commander in Iraq today knows the slightest thing about these events. The only consolation is that maybe some younger Americans are realising that the US has lessons to learn from something other than its own supposedly exceptional history…”