Month: November 2004

Post-modern phishing

Lovely little phishing scam arrived the other day:

To provide our customers the most effective and secure online access to their accounts, we are continually upgrading our online services. As we add new features and enhancements to our service, there are certain browser versions, which will not support these system upgrades. As many customers already know, Microsoft Internet Explorer has significant ‘holes’ or vulnerabilities that virus creators can easily take advantage of.

In order to further protect your account, we have introduced some new important security standards and browser requirements. SunTrust security systems require that you test your browser now to see if it meets the requirements for SunTrust Internet Banking.

Please sign on to Internet Banking in order to verify security update installation. This security update will be effective immediately. In the meantime, some of the Internet Banking services may not be available. (Don’t worry, the URL is safe to click on.)

Lovely, isn’t it? Get the punters worried about one thing so they don’t spot where you’re taking them with the other. Classic magician’s trick. And all spelt correctly too.

The compromised machine being used to host this site is at (in the subdirectory /s). It’s in Italy and has open ports all over the place; you can even FTP into it but I couldn’t get a listing. (It’s a Windows machine.) Anyone care to see if they can get any further?

Would you trust a “managed solutions” company that allows a compromised PC in its control to send spam?

Ho hum, another comment spam storm is going on while you read this (all, hopefully, getting blocked).

One of the Trojan-compromised PCs being used to do this is at the IP address, and has been used since at least November 14 to try to post to this blog about online poker.

Who owns that PC? According to the RIPE lookup, it’s BIS Ltd –, which says of itself that it established its reputation as a supplier of high performance Enterprise Infrastructure solutions to major corporate players in insurance, financial, legal and media business communities. It seems to be looking after this IP block for Mindshareworld, if I’m reading the RIPE data correctly.

I contacted them a day or two ago about this spam, suggesting they should lock down that PC, as it might be being used also for anything, since it’s clearly being used to send stuff out over the Web to my blog. Perhaps the login details of the person using it are going to online-poker too? Or their banking details?

No response from them, and the spam continues. So I’ll do as I said I would, and name them here. Hello, BIS people! You’ve got a PC on the network you manage that you aren’t controlling! Care to do something now?

Update Weds Dec 1: Turns out BIS is the ISP and Mindshareworld (or Mindshare) is the offending company, which is running a completely open proxy that spammers are bouncing their junk off. What does Mindshare do? They’re an advertising/PR/etc company. I suggested they might like to become better internet citizens by closing down their machine there, or at least securing it.

Irreplaceable.. that’s what you are..

Some people have been wondering about who’s going to succeed me on The Independent writing about technology for the news section.

My understanding: nobody. They aren’t advertising the job (not even internally), three months after I handed in my resignation and one week before I leave. By contrast, when the deputy picture editor resigned, an internal vacancy notice went out within the week.

You can draw either of two conclusions from this: 1) everyone is familiar enough with technology that it doesn’t need special treatment, or a specialist to cover it 2) it’s more important to get a general reporter to cover news than to replace a specialist. Interesting to note though that after next week there’s nobody on the “qualities” apart from the FT with a technology news brief.

find related artists, just like that

Just type the name of a band in and it draws a map showing… bands who are a bit like them who you might like to hear. (Certainly I’ve listened to pretty much all the bands who turned up for “Radiohead”.)

But how does it work?
(Link via The View From Object Towers – good spot.)

Record stores to landfill 750,000 Band Aid CDs after Christmas

Well, that’s my reaction after (a) hearing this dire revision (see other people’s reaction, which is much the same, at this BBC page) and (b) reading BBC News: stores to stock 1m Band Aid CDs.

Pirate networks, digital downloads, and the direness of the song, plus the fact that everyone thinks they themselves are the “cause” (cause yeah but no but Vicky said…), and that they don’t actually know which famine is being relieved by this – Namibia? Somalia? Ethiopia – means this is a turkey.

Oh all right, it might sell. But a simple donation would cause everyone less pain.

“You provide the prose poems..” A little more on the Cornwall hoax

Over at Journalistic, the ed weighs in on how national media got hoaxed by a website: If only the journalists who wrote about the story had gone to Nominet and its site at they would have been able to get some further background about who is the owner of the domain. A search would have found it was registered to Kirstin Prisk.

Indeed. But that would assume that anyone had ever shown them that there is a way to discover the owner of a domain, and how to do it. I had to teach myself, back when the Web ran on steam power. It is a skill that comes in very handy; yet only a handful of journalists on “Fleet Street” know how to do it, I’d wager.

Then a quick Google for Kirstin Prisk would have turned up a number of matches for a photographer of the same name in Cornwall who shoots waves. After that, they could have contacted Kirstin and see what he knew about this.

One thing this good advice ignores is how newsdesks work. Newsdesks see one excited story written by one excitable journalist somewhere, and dispatch someone to go and do it bigger. If you call and say that actually, that’s not the story (say, you’d talked to surfers who gave you blank looks) they’d just say you were rubbish at finding the real people with axes to grind. To up the stakes some, it’s rather like proving the non-existence of WMDs, faced with lots of Iraqi exiles (say) who insist that there’s a very active program to develop them.

In other words, newsdesks really *do not* like having what sounds like a good story knocked down. Their attitude, to quote my favourite film, is: “You provide the prose poems and I’ll provide the war.”

Comparing search engines, e-government (does it work?) and how bats prove something about sex

This week’s Science and Technology pages are up (have been for a day, but I’ve been busy, and wanted to let people outside Europe and the US tell me if they read this before I block it).

Anyway, I’ve compared the search performance of Google, MSN and Askjeeves (the result may surprise you); Wendy M. Grossman examines the state of UK e-government; and Tim Birkhead on bats, sexual attraction and smell.

If you’re reading this from South America or Asia/Pacific, get in touch before I cut your access

OK, getting bored with Trojanned Windows PCs trying to comment-spam this blog. The vast majority are from LACNIC and APNIC addresses – Latin America and Asia-Pacific. So I’m planning sometime soon-ish to simply block them from accessing this site. Because frankly, I don’t believe I have readers there.

Gah! What about Australians!? Slaps forehead. And New Zealanders?!

OK, here’s how to find out if you’re listed with APNIC or LACNIC: go to and then click the third line, saying “Who owns this IP address?”. If it comes back as a LACNIC or APNIC block, come back and drop a comment here. (The comments system will catch your IP.) Then I’ll know to allow your ISP to access this page. Because frankly it’s my bill for hosting that these comment spammers are using. And it’s annoying.

Otherwise I’ll add the APNIC and LACNIC blocks in a week or so. Spread the word, Aussies and New Zealanders.

Two examples of hoked-up stories, and a third of amazing PR

First: Journalists taken in by ‘surf rage’ hoax: Journalists from across the country descended on Portreath in Cornwall last week to witness for themselves what one national newspaper described as the “surf rage” that threatened to “cripple the thriving local tourism on which the town survives”.

But this week the threat of all-out surf wars receded when a group of marketing and journalism students claimed the whole thing was a hoax – and boasted they had hoodwinked the nation’s media. Which indeed they had.

And as for today’s Daily Mail splash, following on from News At Ten’s story, saying that “security chiefs had stopped” plans by Al-Q’aida to fly planes into the Canary Wharf skyscraper – I’ll lay very good odds this is tosh. Remarkably interestingly timed tosh, coming ahead of a Queen’s Speech with lots more draconian terror measures. Sorry, anti-terror measures. Al-Q’aida might have wanted to fly planes into those buildings. They probably still want to. But as to having got anywhere down the road to a copycat of September 11 – dream on. It’s just like the story of The Al-Q’aida manhunt that isn’t, where back in August we were earnestly told by the Daily Mail (again) and the Times that there were five AQ militants on the run. Despite police and security sources denying it.

Next we come to the “JFK Reloaded” game – which has picked up just a few headlines. Kudos to the developers, who have got plastered everywhere.

A drop of Genius: my take on the London Apple Store

Monday’s paper carried a feature I wrote on the Apple Geniuses: Meet the Supergeeks (I don’t write the headlines, OK?). Enjoy.

Extracts: The Genius Bar could be called the core of the Apple concept. The people all appear irredeemably nice and unswervingly faithful to their cause. Despite my best efforts, I can’t get them to diss the opposition. Not Microsoft, the traditional “enemy” (“Microsoft writes good software, for the Mac, too,” says Neil. “We sell it in the store, over there.”). Not even the high-street chain Dixons, which many buyers see as setting a baseline for cramped, uninformed buying. (“I can’t comment on that,” says Toby, smiling.)

And: In the world of computing, the divide between Windows and “the Mac” (as Apple’s machines are often generically called) is as vast, and as small, as that between Britain and France. They speak different languages and have different cultures, and one (Windows, or Britain) has become dominant, while the other (Apple, or France) has had to learn to accommodate its more weighty sibling. This doesn’t stop the French, or Apple users, having a strong sense of their own importance. And when Windows users find themselves embroiled in unpleasant, unstoppable wars against virus-writers, the Apple owners can stand aside, aloof, because the virus-writers’ malice is aimed at Microsoft, the US company behind Windows, rather than at Apple. The countries/language metaphor actually works better than you might expect.

And my own personal thoughts on the Store? Big, airy, light, as though you’d blown air into any standard computer-selling store, where you have to squeeze past people looking at stuff on the other rack. It’ll be interesting to see whether this turns into a pick-up joint like the New York one (thanks Macworld for the pointer).