The weekly newsletter for Fed2 by ibgames

EARTHDATE: September 7, 2008

Official News page 11


WINDING DOWN

An idiosyncratic look at, and comment on, the week's net and technology news
by Alan Lenton

I see the latest in thing to get quoted on is 'Video Game Addiction'. It seems some people are spending too much time playing computer games. More than two hours a day was one figure I saw quoted. As a kid I spent more time than that reading books. Does that make me a book addict in need of drying out? I haven't noticed anything in the news about video game addicts mugging old ladies to obtain money for a new game fix.

It's not even new, I can remember fifteen years ago giving a talk about designing on-line games, only to have a member of the audience accuse me of pushing drugs (presumably digital drugs). Video games, online or otherwise, are entertainment, nothing more, nothing less. Like any entertainment, if they really do entertain, there will always be some people who will over-indulge. Usually, it's not dangerous, occasionally there are problems, but life is like that. Carrots are nice, but if you eat enough of them you will become bright orange and die, since at that level they are poisonous. I don't see stories about the dangers of addiction to carrots.

I would hazard a guess that more people have died from overdosing on carrots than from video game addiction!

And now for the main feature...


Roundup: Cops and Robbers

I see that according to the US Treasury Department watchdog, the Internal Revenue Service (IRS) computers are riddled with vulnerabilities. A recent report indicates that a staggering 2,093 IRS web servers have at least one security hole in them, many of them have more than one. That wasn't all - they also identified 1,811 internal servers that weren't approved for connection to the network, and of those 1,811 it turned out that over a thousand were being used for non-IRS business purposes! Some of the servers even had blank passwords, and most of the unauthorised ones didn't have current security patches applied.

Here in the UK, we do things differently, of course. We wouldn't dream of putting those poor hackers to the trouble of hacking into our Customs and Revenue computers. What we do is to copy the information onto unencrypted disks and then 'lose' them. Half the population had all their personal data go west earlier this year, courtesy of the taxman. There may be cultural differences between the two sides of the Atlantic, but the results are the same - personal data available to any criminal with a bit of initiative.
http://www.theregister.co.uk/2008/09/05/irs_network_report/

There was an interesting snippet on silicon.com the other day. It was based on a quote from Keith Foggon, head of the UK's Serious Fraud Office digital forensics unit. He was pointing out the problems caused by the fact that security holes in the iPhone and other smart phones meant that criminals could remotely wipe the phones after using them for criminal activities.

The article also noted his forensics unit had tools capable of pulling all the data off 1,100 of the most popular mobile phones and PDAs. It seems that the shift from PCs to mobile devices of one sort or another is causing a similar shift in digital forensics. I wonder how long it will be before someone's internet connected fridge is seized for digital investigation!
http://networks.silicon.com/mobile/0,39024665,39282266,00.htm

And talking of internet connected devices, I see that international locksmiths Ingersoll-Rand have come up with the ultimate in insecure house locks. These are keypad based door locks that can also be operated over the internet via a mobile phone or computer. I ask you, would you trust the security of your home to a lock that can be operated over the internet? I think not. Back to the drawing board with this one.
http://consumer.schlage.com/customerservice/LiNKLaunchRelease.pdf

The New York Times has an interesting story about one man's account with JPMorgan Chase's private banking operation (private banking is only for people with a lot of money - if you need to ask how much you don't have enough). It seems that someone managed to use the electronic transfer system to syphon off no less than US$300,000 from the account in 'small' (for some definition of small) amounts over a fifteen month period before it was spotted. The really bad news was that JPMorgan Chase are only covering US$50,000 of the loss, because the account owner should have spotted it earlier.

The rest of us may not lose quite such spectacular amounts, but from all accounts it happens quite often, and it seems that the frequency is increasing as people move to more and more electronic transactions. So, the moral of this story is that it is important to check over your bank and credit card statements when they arrive. Always query items that you don't recall. It's better to look like a dork because you forgot that you bought your other half a birthday present at somewhere unusual, than it is to look like a totally broke dork because you were too embarrassed to ask about an odd looking transaction on your account!
http://www.nytimes.com/2008/08/30/business/yourmoney/30theft.html

I have two stories from the UK police which are of some interest this week. First the good news. In an unprecedented outbreak of tech savvy, the London police have used Web 2.0 mashup techniques to link their crime figures to Google maps. This provides the locals with crime maps that indicate what type of crimes are prevalent in their area, allowing them to take specific action to secure their belongings. The website allows householders to drill down to a very local level, as well as looking at crime over a wider area. Very good - ten house points and a gold star for the police.

Unfortunately, that was not the end of reported police hi-tech activities this week. Perhaps lack of hi-tech activity would be a better description. It seems that someone forgot to renew the domain registration for the UK's National High-Tech Crime Unit website. I think you can guess the rest - yes, someone else snapped up the domain. Fortunately for the unit, the new owner is a domain speculator, not a hard core porn merchant, but it's still very embarrassing for the digital powers that be. Lose five house points!
http://www.kablenet.com/kd.nsf/FrontpageRSS/F0FB091C03A869E1802574BA002FC6E5!OpenDocument

http://www.pcpro.co.uk/news/222558/police-lose-national-hightech-crime-unit-website.html

Back to good news, especially if you are a fine wine snob. Very fine wine, that is. Very expensive fine wine - like a minimum of US$2,000 a bottle. For instance, what if you paid half a million dollars for four bottles of wine that had belonged to Thomas Jefferson, as American collector William Koch did recently. You'd want to be sure they were genuine, wouldn't you?

Well, the UK's 'Antique Wine Company' have teamed up with the National Centre for Scientific Research (CNRS) in Bordeaux to develop a technology to authenticate expensive wines.

I know this sounds unlikely, but the technique involves sticking the bottle into a particle accelerator. OK - it's the bottle, not the wine in it that they zap with the beam. It seems that they can use this to distinguish how old the bottles are, and roughly where they originate. It sounds fascinating, and I'd love to find out more.

And by the way, Mr Koch sued the German wine dealer from whom he purchased his wine, claiming that they were fakes...
http://www.physorg.com/news139599977.html

Finally, in this section, I thought I'd draw your attention to what may well be an urban legend in the making. It all started when 'Mythbusters' TV program co-host Adam Savage told a hackers conference that a planned segment about the reliability, security, and trackability of RFID had been pulled by the Discovery Channel. The reason, he claimed, was that lawyers for the credit card companies had made it '...clear to Discovery that they were not going to air this episode talking about how hackable this [RFID card] stuff was...'.

Fast forward to this week and we have denials from the credit card companies that any such meeting had taken place. Not only that, but Savage has since issued a statement saying that he got his facts wrong.

So there you have it, it's all a mistake. Or is it? Both sides of this argument are equally plausible. My guess is that the credit card companies probably did indicate some sort of unhappiness, but not much more than that, and that Savage somewhat exaggerated this for dramatic effect. But that's all irrelevant, because the original story is too good not to become an urban legend. After all, most of us have suffered at the hands of arrogant and unresponsive credit card companies at some time or other, so we want to believe Savage's story. And, of course, we all realize that Savage would have to retract the story to keep his job, whether it was true or not!
http://consumerist.com/5043831/mythbusters-gagged-credit-card-companies-kill-episode-exposing-rfid-security-flaws

http://www.theregister.co.uk/2008/09/03/mythbusters_gagged/
http://www.theregister.co.uk/2008/09/04/mythbusters_rfid_backtrack/


Shorts:

Anyone out there old enough to remember the movie Ghostbusters? Yes? Well here is a first for the film - it's the first film to be brought out on a USB stick. You can even copy it to your hard drive. It won't play unless you have the stick plugged in, which begs the question of why you would bother. Given that few things are more irritating than having a USB drive sticking out of the side of your laptop I can foresee one of two things happening. Either no one will buy the awkward things, or a hack to strip off the protection will be out within a month, and people will copy the contents to their hard drives. You never know - they may even burn it to a DVD!
http://www.custompc.co.uk/news/604788/ghostbusters-is-first-film-to-be-released-on-usb-stick.html

Microsoft's new Internet Explorer 8 is out in beta for people to try out at the moment. I would suggest that you think twice about taking advantage of the 'opportunity'. It seems that IE8 actually uses more memory than the whole of the Windows XP operating system! In addition to the 350-400MB footprint it runs between 150 and 200 concurrent execution threads, and loads six copies of itself. It's twice as demanding of resources as Firefox.

Presumably, Microsoft think that the hardware to run this beast will eventually catch up. That's possibly true, but except for those who run at the cutting edge, most people now have computers that can do everything they want, and aren't going to buy new ones until the old ones stop working. In the meantime, perhaps Microsoft should allocate the odd techie or two to figuring out how they are going to fit IE8 onto smart phones and the likes of the EeePC, which are being bought and traded in frequently.
http://cwflyris.computerworld.com/t/3562206/250590949/136383/0/


Homework:

ZDNet's 'Zero Day' blog has a fascinating piece about CAPTCHA solving for money in India. CAPTCHAs are those pieces of warped text some web sites and services put in for you to solve so that they know the user is a human, not a machine. At the moment machines can't compare with humans for speed of deciphering these words. So, why not employ humans at a rate of US$2 for every 1,000 CAPTCHAs solved? This means you can register spam accounts on the likes of Google and Hotmail, even though the CAPTCHA has worked perfectly - it was solved by a human. In India CAPTCHA is big business - big enough that it even has take-overs and mergers. Take a look at the article, it shows a completely different side of the hi-tech 'data processing' business.
http://blogs.zdnet.com/security/?p=1835


Coda: More on previous stories

Looks like adverts based on ISP tracking are dead in the water (in the USA at least, the UK is a different story). The outcry over the snooping is forcing the ISPs, even those who admit to carrying out trials, to back off, at least for the time being. In the meantime six ISPs have admitted to carrying out trials. They are Bresnan Communications LLC, Cable One Inc, CenturyTel Inc, Embarq Corp, Knology Inc, and WideOpenWest. The last one sounds like a good name for a company that was opening its customers' private communications. If any of them provide you with internet connectivity, you might feel inclined to ask them a question or two...
http://www.physorg.com/news139490939.html
http://www.physorg.com/news139411219.html


Geek Toys:

Feeling a little peckish, but don't want to break off from the computer? I have just the thing for you - a Crazy PC Toaster. Yep. Fits into a 5.25 inch drive bay - pop in the bread and, voila - toast in minutes. The main problem is that the control software is only available for Windows, but I've no doubt that someone will come up with an open source Linux driver for it sometime soon! Just remember, though, you put the butter on after it's been toasted, not before...
http://www.crazypc.com/other/misc/toast.htm


Scanner: Other Stories

Defining video game addiction
http://www.1up.com/do/feature?cId=3169643

US no longer the world's internet hub
http://www.nytimes.com/2008/08/30/business/30pipes.html

Carpetbomb bug tarnishes Google Chrome
http://www.theregister.co.uk/2008/09/03/google_chrome_vuln/

UK's Driver & Vehicle Licensing Agency misses database accuracy target
http://www.kablenet.com/kd.nsf/FrontpageRSS/056101FD378446C9802574B30049CBE4!OpenDocument

Cloned US ATM cards: Can they fool Brit self-service checkouts?
http://www.theregister.co.uk/2008/08/29/cloned_us_atm_cards_in_uk/

FAA outage reveals odd computing practices
http://www.physorg.com/news139239606.html

Google launches beta version of its open source
http://cwflyris.computerworld.com/t/3562147/121542017/136443/0/
http://cwflyris.computerworld.com/t/3561967/121542021/136436/0/
http://www.google.com/googlebooks/chrome/index.html


Acknowledgements

Thanks to readers Barb, Fi and Slashdot's daily newsletter for drawing my attention to material used in this issue.

Please send suggestions for stories to alan@ibgames.com and include the words Winding Down in the subject line, unless you want your deathless prose gobbled up by my voracious Spamato spam filter...

Alan Lenton
alan@ibgames.com
7 September 2008

Alan Lenton is an on-line games designer, programmer and sociologist. His web site is at http://www.ibgames.net/alan.

Past issues of Winding Down can be found at http://www.ibgames.net/alan/winding/index.html

