Snail-mail spamming

Amazing — and scary — account in Bruce Schneier’s Newsletter about how you could bury someone’s house in physical junk mail. Quote:

“In December 2002, the notorious “spam king” Alan Ralsky gave an interview. Aside from his usual comments that antagonized spam-hating e-mail users, he mentioned his new home in West Bloomfield, Michigan. The interview was posted on Slashdot, and some enterprising reader found his address in some database. Egging each other on, the Slashdot readership subscribed him to thousands of catalogs, mailing lists, information requests, etc. The results were devastating: within weeks he was getting hundreds of pounds of junk mail per day and was unable to find his real mail amongst the deluge.

Ironic, definitely. But more interesting is the related paper by security researchers Simon Byers, Avi Rubin and Dave Kormann, who have demonstrated how to automate this attack.

If you type the following search string into Google — “request catalog name address city state zip” — you’ll get links to over 250,000 (the exact number varies) Web forms where you can type in your information and receive a catalog in the mail. Or, if you follow where this is going, you can type in the information of anyone you want. If you’re a little bit clever with Perl (or any other scripting language), you can write a script that will automatically harvest the pages and fill in someone’s information on all 250,000 forms. You’ll have to do some parsing of the forms, but it’s not too difficult. (There are actually a few more problems to solve. For example, the search engines normally don’t return more than 1,000 actual hits per query.) When you’re done, voila! It’s Slashdot’s attack, fully automated and dutifully executed by the U.S. Postal Service.

If this were just a nasty way to harass people you don’t like, it wouldn’t be worth writing about. What’s interesting about this attack is that it exploits the boundary between cyberspace and the real world. The reason spamming normally doesn’t work with physical mail is that sending a piece of mail costs money, and it’s just too expensive to bury someone’s house in mail. Subscribing someone to magazines and signing them up for embarrassing catalogs is an old trick, but it has limitations because it’s physically difficult to do it on a large scale. But this attack exploits the automation properties of the Internet, the Web availability of catalog request forms, and the paper world of the Post Office and catalog mailings. All the pieces are required for the attack to work.

And there’s no easy defense. Companies want to make it easy for someone to request a catalog. If the attacker used an anonymous connection to launch his attack — one of the zillions of open wireless networks would be a good choice — I don’t see how he would ever get caught. Even worse, it could take years for the victim to get his name off all of the mailing lists — if he ever could….”

Photoshop isn’t killing photo shops after all

According to the NYT, the inexorable rise of digital photography may not wipe out the traditional photo retailer after all. And this is not just because consumers buy their digital gizmos from photo retailers, but because many of them find the business of editing and printing digital pictures just too fiddly. So they bring in their cameras and get the pics printed in store. It’s a bit early to say for sure, but maybe Jessops have a future after all…

Robert Fisk on the looting of Baghdad

As ever, the best reporter on the Middle East conveys a more vivid picture in prose than all the video clips I’ve seen. Example:

“It is a scandal, a kind of disease, a mass form of kleptomania that American troops are blithely ignoring. At one intersection of the city, I saw US Marine snipers on the rooftops of high-rise buildings, scanning the streets for possible suicide bombers while a traffic jam of looters — two of them driving stolen double-decker buses crammed with refrigerators — blocked the highway beneath.

Outside the UN offices, a car slowed down beside me and one of the unshaven, sweating men inside told me in Arabic that it wasn’t worth visiting because “we’ve already taken everything”. Understandably, the poor and the oppressed took their revenge on the homes of the men of Saddam’s regime who have impoverished and destroyed their lives, sometimes quite literally, for more than two decades.

I watched whole families search through the Tigris-bank home of Ibrahim al-Hassan, Saddam’s half-brother and a former minister of interior, of a former defence minister, of Saadun Shakr, one of Saddam’s closest security advisers, of Ali Hussein Majid — “Chemical” Ali who gassed the Kurds and was killed last week in Basra — and of Abed Moud, Saddam’s private secretary. They came with lorries, container trucks, buses and carts pulled by ill-fed donkeys to make off with the contents of these massive villas.

It also provided a glimpse of the shocking taste in furnishings that senior Baath party members obviously aspired to; cheap pink sofas and richly embroidered chairs, plastic drinks trolleys and priceless Iranian carpets so heavy it took three muscular thieves to carry them. Outside the gutted home of one former minister of interior, a fat man was parading in a stolen top hat, a Dickensian figure who tried to direct the traffic jam of looters outside.

On the Saddam bridge over the Tigris, a thief had driven his lorry of stolen goods at such speed he had crashed into the central concrete reservation and still lay dead at the wheel.

But there seemed to be a kind of looter’s law. Once a thief had placed his hand on a chair or a chandelier or a door-frame, it belonged to him. I saw no arguments, no fist-fights. The dozens of thieves in the German embassy worked in silence, assisted by an army of small children. Wives pointed out the furnishings they wanted, husbands carried them down the stairs while children were used to unscrew door hinges and — in the UN offices — to remove light fittings. One even stood on the ambassador’s desk to take a light bulb from its socket in the ceiling.”

Intel takes Ultra Wideband to 220Mbps

Ultra Wideband radio has looked for a while like a really interesting technology. Now comes a report of what Intel have been doing with it. According to reporter Martyn Williams, “The prototype was demonstrated by Kevin Kahn, head of Intel’s communications and interconnect technology laboratory, as part of his keynote speech at the Intel Developer Forum (IDF) Japan event, which ended Friday at Maihama just outside Tokyo. The transmitter and receiver pair, which Kahn said were just out of the laboratory, achieved a sustained data rate of around 220M bps over a distance of about one meter for approximately 2 hours while on display on the IDF Japan stage. The data rate is more than double that of a system Intel showed in Japan a year ago: That system was working at 100M bps.”

So this is the next Bluetooth then?

Harvard and the Digital Millennium Copyright Act

The Dean of Harvard has written to students informing them that the University will “terminate the network access of any student who is a repeat offender, that is, a student who has been warned about a first incident of copyright infringement and who is again found to have been downloading, reproducing, or distributing copyrighted material in violation of the copyright laws. The length of termination will be one year. Termination of network access includes all devices owned or registered by the student. We call this severe consequence to your attention because the educational consequences of such a deprivation of access would be so very serious, given the way students typically use the Harvard network on a daily basis for educational purposes.”

John Palfrey, Head of the Berkman Center for Internet and Society, has posted a thoughtful comment on the issue. “While the university wants to endorse academic freedom and doesn’t want to have to patrol the network”, he writes, “the university can’t very well endorse stealing and can’t open itself to huge liability. While the university wants to stand up for its students, it probably isn’t likely to want to investigate and litigate every one of the notices it receives of copyright violation (from a proof perspective, one can imagine all sorts of problems of authentication, who’s doing what exactly, whether usage constitutes “fair use”, particularly in the peer-to-peer context, etc.). While the law just requires a copyright holder to make an accusation in a letter, the law requires much more on the part of the University. Given that the law — particularly when it comes to fair use of copyrighted material in an academic setting — is quite unclear and one often has to be willing to go to court to achieve clarity in a given instance, how can the University make decisions about the legality of use on the network? Given the reliance of students and teachers on the network for learning at this point, is the one-year network prohibition the right penalty for repeat violation? What does it mean to be off the network for a year? Are you then off-campus? I do not envy those with the job of answering these questions.”

Nor me.

Is Syria next?

From John Robb:

“Big question; One thing most people don’t understand, is that given our focus on the Loose Nuke Problem Syria rises to the top target.  Why?  It is the prime sponsor of the delivery system for loose nukes (terrorists).  More than any other country in the world.  While it may not have programs to produce WMD, it can deliver them (remember, N. Korea is about to engage the capacity to produce 60 nukes a year, likely to be sold to the highest bidder).  Given this logic, Syria is on thin ice as it attempts to reinforce Iraqi resistance.  It is providing ammo to its critics.  

Here is my question:  Do you think we will go to war with Syria in the next year?”

The NYT has second thoughts about keeping its archive links active

Dave Winer writes: “The NY Times reversed their archive policy again after my last DaveNet on the subject. As noted here on Tuesday, I am working with the Times people on this issue. I agreed not to write publicly about it until we’re finished talking. I’ve talked with a few people who I trust, on the same terms, to try to make this come out right for the Times and for the Web.”