All Your .com Are Belong To US

In the latest cyber moves by the Dept of Homeland Security against a Canadian on-line gambling outfit, it’s been confirmed that if it’s a .com domain, it falls under US jurisdiction, regardless of where the servers are, where the company is incorporated or who the domain registrar is.

Strangely for the “Land of the Free”, Americans aren’t allowed to gamble on-line but this didn’t stop Bodog, a Canadian-based on-line gambling site with the domain bodog.com, from aggressively marketing its services to US citizens. As a result, Bodog’s four owners have been indicted (pdf) on various internet gambling charges.

Almost everything to do with this organisation was out of harm’s way in Canada – the company, the owners, the servers, the domain registrar – so the DHS took the step of forcing Verisign into doing the dirty work. Verisign manages the .com infrastructure and they removed (pdf) some of the key linking records to the bodog.com domain, thus putting the domain off the net.

In this instance, it can be hard to feel any particular sympathy with Bodog as it appears that they did what they did knowing that it was illegal. Regardless, the point is now made that a .com can be taken off the internet pretty much because the US doesn’t like it. Selling holidays to Cuba – you’re gone. Trading with Iran – you’re off-line. Evolution is a fact – you’re history.

If you or your organisation has a .com, you’re now under US jurisdiction, and if you think this is bad, imagine what it would have been like if SOPA had been enacted.

Vivick Anti-Theft Backpack Debuts at CES

The theft of mobile electronic devices has become increasingly attractive as the value of gadgets rises and the economy falls. A particularly easy way to steal is to simply open likely-looking backpacks and rucksacks while they’re being worn and remove the gadgetry without the owner noticing. Sometimes the pack can be unzipped quietly, other times it’s cut open with a knife or scissors. A skilled thief can do this while someone is walking along but more commonly it happens on trains and buses.

To defend against this thievery, Canadian firm Vivick will debut their new line of anti-theft backpacks at CES in January, comprising three bags constructed from an anti-slash military-grade gauge nylon with a combination lock built into the zipper tab. Each model is designed to look good while being sturdy and durable, and the carry straps are also strengthened.

Rifling through my satchel this morning, I found a laptop, a tablet, an MP3 player and a somewhat old smartphone (Palm Treo Pro). Even with this last item, the total value of the technology exceeds £1000 (or $1500), so this isn’t a purely theoretical risk.

Vivick is known for its professional electronic designs, having worked for Apple, Sony, Samsung and Dell to create accessories for their own product lines. Vivick has also worked with Aston Martin and Ferrari on interior automotive accessories. Based on these credentials, I’ll be very interested to see what they come up with at CES.

Search Data and Browsing History Used As Evidence

The murder trial of Jo Yeates is front page news throughout the UK – a neighbour Vincent Tabak is accused of killing her. At the moment, the prosecution is presenting its case and a couple of interesting things have emerged as evidence.

In particular, the prosecution has alleged that the defendant:

  • looked at Wikipedia for the definitions of murder and manslaughter.
  • searched for the maximum penalty for manslaughter, i.e. how many years in jail.
  • looked up definitions for sexual assault and sexual conduct.
  • searched maps showing the area where the body was later found.
  • searched on CCTV cameras in the street where both the defendant and victim lived.
  • used Google StreetView to view the same area.
  • researched criminal forensics, fingerprinting and DNA evidence.
  • read news stories on the investigation into the disappearance of the victim.

Of course, it will be up to the jury to decide whether these are good indicators of guilt, but regardless it’s clear that if someone is accused of a crime then there’s a pretty thorough examination of one’s computers and on-line behaviour. Obviously this case is about a very serious crime but it’s almost a gift to the prosecution when put together like this: can you think of any good reason to access this material at the time of the disappearance? However, this is circumstantial evidence and needs to be weighed as such.

On a related note, Google has announced that if you are signed-in to Google when you search, you will automatically use https://www.google.com/, the secure version of Google Search. While this will prevent casual snooping on your search, Google will be keeping hold of your search information so that it can better serve you adverts. And how long does Google keep the search information? Indefinitely or until you remove it. So while on the face of it encrypted search is a good thing, it comes at the price of Google knowing yet more about you.

I suspect that in the current murder trial, all the computer forensics team had to do was look back through the defendant’s browser history. Easy if there’s only one computer, but more difficult if the person has a home computer, work laptop, smartphone and so on. If you’re tied into Google everywhere, all they’ll have to do is subpoena information from Google and get your search data in one tidy little bundle. Nice.

How To Hack Mobile Phone Voicemail

As the fall-out from the News of the World scandal continues, many sources continue to inaccurately refer to “mobile phone hacking”. The truth (as far as is known) was that it was the voicemail of the mobile phone that was hacked rather than the phone itself. There are two ways to do this – the first is to simply guess the PIN of the voicemail and the second is to use Caller ID spoofing.

In the mid-2000s, most mobile phone voicemail systems were poorly protected as they typically came with a default PIN which was often easily guessed and only varied according to the mobile phone company. Most users didn’t bother to change the PIN. Say the phone was on Orange, then the default PIN was 1234. If it was Vodafone, then 0000. Typically, the villain then makes two simultaneous calls to the victim. One will be picked up, the other will go to voicemail. By then pressing “*” or “#” while listening to the voicemail prompts, the individual can gain access to the voicemail system using the default PIN. Computeractive has an article covering this scenario and how, in theory, it would be harder (but not impossible) to take this approach today.

As for Caller ID spoofing, this technique makes a call look like it’s coming from a different number than it actually is. It can be used legally to make a call from a mobile appear to be coming from a company office, so that the person’s mobile number is not divulged. However, in some instances it has been used to gain access to voicemail boxes, as many voicemail systems do not ask for further identification if the system recognises the inbound Caller ID as one of its own. PC Mag and c|net have short articles on how this is done and, worryingly, this is still a threat. The Wall Street Journal covered the problem in 2010 before the current scandal broke.

It would appear that the best protection against both these attacks is (a) to change your PIN on your voicemail and (b) to require your PIN even when calling from your own mobile phone. That way, even if your Caller ID is spoofed, the caller can’t get in without knowing your PIN.
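The two weaknesses and the two protections above can be modelled as a small audit, shown here as an added example that is not from the original article. The `Mailbox` record, the `grants_access` decision and the sample numbers and PINs are assumptions constructed for illustration; only the carrier defaults come from the text.

```python
import hmac
from dataclasses import dataclass

# Default PINs per carrier, as quoted in the article for the mid-2000s.
CARRIER_DEFAULT_PINS = {"Orange": "1234", "Vodafone": "0000"}


@dataclass
class Mailbox:
    number: str                   # subscriber's own number (constructed sample)
    carrier: str
    pin: str
    pin_required_from_own_number: bool


def grants_access(box, presented_caller_id, pin_entered=None):
    """Hypothetical login decision of a voicemail platform.

    presented_caller_id is whatever the network displays; it is not
    authenticated, so it may not be the real calling number.
    """
    if presented_caller_id == box.number and not box.pin_required_from_own_number:
        return True  # Caller ID alone is treated as proof of identity
    if pin_entered is None:
        return False
    return hmac.compare_digest(pin_entered.encode(), box.pin.encode())


def audit(box):
    """Return the weaknesses from the article that apply to this mailbox."""
    findings = []
    if CARRIER_DEFAULT_PINS.get(box.carrier) == box.pin:
        findings.append("default-pin")
    if not box.pin_required_from_own_number:
        findings.append("caller-id-trusted")
    return findings


# Constructed sample mailboxes (numbers are from the UK range reserved for fiction).
AS_SHIPPED = Mailbox("07700900123", "Orange", "1234", False)
HARDENED = Mailbox("07700900456", "Vodafone", "582914", True)

if __name__ == "__main__":
    for box in (AS_SHIPPED, HARDENED):
        print(box.number, audit(box) or "ok",
              "caller-ID-only login:", grants_access(box, box.number))
```

A mailbox passes the audit only when both settings from the paragraph above are applied; changing the PIN alone still leaves the Caller ID path open.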

New and Improved Link Farm Scams

A new form of link farming is happening in the blogosphere. The days of people trying to buy text links on your websites are largely gone. What has cropped up is a more malicious form of link farming.

At least 3-4 times a week I get an email that reads like this.

———————————

Hi there,

We’re all big fans of Geeknewscentral here at “SomeStupdWebsite” and noticed you used to feature cool infographics now and then.

We just launched this new infographic called “The most amazing Tech companies”  and we were wondering if it’s worthy to be featured on your site. We can provide you the pre-written article to post into your page.

What do you think?

Thanks,
Another Dumb Marketing Scam Salesman

———————————

The emails all hover around the same theme: how they love our site and how they want to help us and provide content to us on a regular basis, while all the time linking back to their source article to use my site’s reputation to build their site’s reputation.

At least before, the text link farmers were willing to pay a few bucks for the opportunity to build their page rank. These new scammers must think we’re stupid.

Apple Demands 30% of Everything!

The Money Grab has begun. Apple today through its walled garden has thrown down the gauntlet saying you shall pay me 30% to pass through our gateway. Seriously the implications of today’s announcement must have companies like Netflix, Amazon and anyone else selling a product via their iPhone app wondering if they should be on their devices.

Apple has said pay up or get the hello out. After June 30th you cannot charge for anything unless you are willing to give Apple 30% of the proceeds. Most companies’ profit margins are under 10% and to think that Apple wants 30% is simply insane.

As a content provider who may someday sell access to some of my content, the implications of having to pay Apple 30% for the right to do so on their devices are clear: it is a very steep percentage to pay.

So what’s next, will Apple demand a portion of advertising revenue running in the content? At this point no one should be surprised at anything this company will do to cash in and fatten their bank accounts.

Makes you want to go out and buy an Android device, doesn’t it?

BacTrack Personal BAC Monitor

Carissa stops by the BacTrack booth to check out the latest in breathalyzer technology.  BacTrack produces their devices for both law enforcement personnel and the man-on-the-street.

Almost everyone knows the “legal limit” in their area, but the average person has no clue what a number like .08 really means.  Well, now you don’t have to carry a badge to know if you shouldn’t be getting behind the wheel – you can pick up your own personal, certified-by-the-FDA breathalyzer at your local office supply store.  The one demonstrated in the video is only $149, which is a LOT less than court costs and jail time.  But, you’ll have to watch the video to see how much Carissa has had to drink….

Interview by Carissa O’Brien for Geek News Central.

Are new media creators being used?

Two weeks ago I was contacted by a major marketing firm representing a major Fortune 500. The pitch was pretty good: they wanted me and a crew of my choosing to come to Palm Springs and cover an event for their client, where a large number of their top partners would be there for three days of training. The basis of the assignment was that I would live stream the event to a site that would be behind a corporate firewall. They also wanted me to interview and post produce 30 interviews from partner companies at the event. They made it clear that I would have to submit those interviews to the company within 5 days of the closing of the event for placement behind their corporate firewall, and that I “would not” be able to use them on my site.

I submitted them a very fair proposal for a three-person crew that contained expenses for travel (coach), hotel, per diem, equipment shipping and a reasonable coverage and post production fee. The grand total of the proposal came in just under $25,000. All told there would be about two weeks of work on this project with post editing of interviews and the 24hrs of show coverage.

The response I got back from the company was that they would be willing to pay for travel, hotel, per diem and shipping but not my fee to cover the event or post production costs. When I responded that this was unacceptable, they were quite incredulous in saying that there would be 5 interviews I would be able to publish publicly, and that this should be worth the production cost, salaries and other expenses to cover the event.

I am shocked they would ask me to fly three people to Palm Springs and stay at a 5 star hotel per their request, where we would be on location for 5 days to cover a three day event, ship in $40,000 worth of equipment, produce 24 hours of live content, plus do 30 interviews that would require a week of post event production time, essentially for travel expenses. I don’t know what you’re thinking but I will say this, they must have been smoking crack to think anyone would do this for expenses. If they had contacted a true production company, their cost to do what I proposed to do would have been a 100k with 10 people on the ground.

I am refraining from mentioning the company holding the event and the marketing company representing it in this piece. I told them that I would be posting an article pertaining to the discussions that broke down last week, and their legal department immediately threatened me with a lawsuit if I named them. That is the last thing I need, and I want to warn other content creators to be careful not to be taken advantage of by companies looking to scam you into what they promote as a great deal for your time.

We could have really hit a home run for them in the production of this event, as I know the space and the players. But I refuse to play along with this charade, like this is some great deal for my company. If the company was a sponsor of my show or something else maybe I would have considered it differently, but they want something for virtually nothing at my expense and time.

If I had exclusive rights to the content to post as I see fit and stream the event live, then I could have weighed this differently as well. The insinuation made was that, because we are new media, the trade of services for access was an acceptable trade-off. I disagree, and as a business person I am in business to stay in business, not do charity work.

So the question that needs asking is: are companies now trying to take advantage of small companies like mine because they perceive we can be taken advantage of because we are new media?

Hawaii Internet Slow Down could last a Month or More!

Late last night a fiber optic cable between two islands was cut here in Hawaii, causing massive disruption for users of Time Warner Road Runner Internet service. Road Runner did not have any redundant back haul in place, and customers statewide were without Internet service for many hours. When the service did come back on-line it was throttled to speeds that rival dial up days, as you can see by the speed test I ran.

A very informed GNC reader told me tonight that they are in mass panic, because they are going to be hard pressed to keep services online at a level of service that customers demand, and it could be a month or more before the fiber is fixed and service is fully restored to a level that is considered acceptable. He recommended I call other providers immediately, as there is going to be a run on other service providers to get connected to something that resembles something other than dial up speeds.

The first question I am asking is how come Oceanic / Road Runner did not have a backup plan? If a single fiber optic line being damaged was enough to bring down the state’s internet infrastructure, there is some gross negligence by Road Runner management here in Hawaii in my opinion, and someone should be held to account for this lack of basic planning.

This should not come as a surprise because basic bandwidth speeds have not increased here significantly in many years. We have waited and waited for promised increased speeds and it has never happened. This incident makes it very obvious that they do not have the infrastructure in place to handle increased speeds. If one fiber cable is damaged resulting in this massive decrease in available service, it is obvious that they have not been investing in infrastructure. This should be a wake up call to Oceanic.

Wait times to talk to customer service representatives were endless. While the cutting of a Fiber optic line is bad, they should have realized we live in Hawaii and our nearest neighbor is 2500 miles away.  This slow down is going to cost Hawaii business owners literally 100’s of thousands of dollars.

I encourage Hawaii Road Runner customers to keep the heat on Oceanic / Time Warner. I do not feel sorry for them, they should have considered this as a possibility before, and had the back haul in place to keep us connected at acceptable speeds.

Secret Trade Agreement To Criminalise Copyright Infringement

According to La Quadrature du Net and based on both official and leaked documents, secret trade negotiations for ACTA (Anti-Counterfeiting Trade Agreement) by the EU Presidency include negotiating criminal penalties for counterfeiters and copyright-infringers, bypassing the normal legislative system and significantly increasing the scope of “trade agreements”.

My understanding is that within the UK counterfeiting goods and copyright infringement are generally considered to be civil offences and imprisonment is not normally an option (cf OiNK). However, criminal offences can be punished by imprisonment. Of course, I’m not a lawyer and I’ve no idea what other countries do.

To be fair, the criminal part of the legislation is clearly aimed at large scale copying of goods and films as it mentions “commercial scale” in a number of places (article 2.14).  There’s a certain part of me that says criminal gangs and organisations need to be dealt with by criminal penalties which is arguably a good thing.

However, this isn’t the point. ACTA is a trade agreement and should not be dictating legal penalties. The ACTA agreement is negotiated between the US, EU, Australia, Canada, Japan, Mexico, South Korea and Switzerland, so its impact will be widespread and it is likely to be adopted into law with little or no debate from countries’ elected representatives. While we might agree with criminal penalties for criminal gangs, what will it be next time? Prison for file-sharing teenagers?

Fortunately, the UK Government does appear to have come out against the change in the legislation.  In an interview for ComputerActive, a spokesman for the UK’s Intellectual Property Office said, “These are not appropriate penalties for copyright infringement.  Acta should not introduce new intellectual property laws or offences. Instead, it should provide a framework to better enforce existing laws.  The UK is opposed to the creation of new criminal offences at UK or EU level through Acta.”

The latest round of ACTA negotiation finished last week in Lucerne, Switzerland so further news may be forthcoming.