A lazy and amusing phishing attempt

Scams on the Internet never cease to amaze me.  Some of them are sophisticated, some subtle, and some are just downright absurd.

I’d recently discovered a mailbox that I had left unattended for several years.  It had no anti-spam tool monitoring it, so it was mostly filled with really obvious spam messages and phishing attempts – email scams where people try to fool you into putting in your financial information into a site that looks like a legitimate banking site.

I found this message particularly amusing and thought I would share:


The email wants me to believe that Bank of America is giving me $30,000 in a lottery I never signed up for, never identifies me by name, and wants me to become a Western Union “Active Member.” (The message was sent in 2007, otherwise the Bank of America reference would clearly be even less believable.)  All I have to do is send $400 to a Western Union in Phoenix, Arizona.  Phoenix isn’t even the corporate headquarters for Western Union.  Couldn’t they have thought of something more clever than that?  It seems pretty lazy.  It made me wonder how many people might have actually fallen for it.

Meanwhile, Microsoft recently published a study showing that the public estimates of losses due to phishing may be over-exaggerated by as much as a factor of 50.  In fact, most phishers may ultimately become victims themselves.  In the study, the researchers concluded that:

One explanation of the thriving trade in phishing-related services … is that phishers with more experience prey upon those with less. That is, those who have tried phishing and found it unprofitable or marginally profitable find it better to sell services to those who haven’t reached that conclusion yet.

So the big fish eat the little fish, just like in the sea.  Nice.


I just took a peek at the Western Union website.  Maybe this type of scam is more prevalent than I thought.  Front and center on their online transfers page is a very clear and stern warning:

Protect Yourself from Fraud

Don’t Send Money

  • To someone who you don’t know
  • To claim lottery or prize winnings
  • Based on a promise to receive a large amount of money
  • Because you were "guaranteed" a credit card or loan
  • In response to an Internet or phone offer that you aren’t sure is honest

It’s really surprising that people actually need to be warned that they shouldn’t send money to claim a lottery or prize winnings.

[Microsoft Phishing Study c/o InformationWeek]
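The tells described in this post (a prize nobody entered for, no recipient name, a small fee wired ahead of a large payout, a bank name on a message from an unrelated domain) can be checked mechanically. The following is an added example, not part of the original post: the sample message is constructed from the traits listed above, and the rule names and brand-to-domain map are assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample built from the traits the post lists; not the original message.
SAMPLE = """\
From: "Bank of America Promotions" <promo@mail.example>
To: jsmith@example.org
Subject: You have won!

Dear Customer,

You have won $30,000 in our lottery. To claim your winnings you must
become a Western Union Active Member. Send $400 by Western Union to our
agent in Phoenix, Arizona.
"""

# Assumed brand-to-domain map for the display-name check (illustrative, not exhaustive).
BRANDS = {"bank of america": "bankofamerica.com", "western union": "westernunion.com"}
TEXT_RULES = {
    "prize_claim": re.compile(r"\b(lottery|prize|winnings|you have won)\b", re.I),
    "generic_greeting": re.compile(r"^dear (customer|member|winner|user|sir|madam)\b", re.I | re.M),
    "wire_payment": re.compile(r"\b(western union|wire transfer|money order)\b", re.I),
}
MONEY = re.compile(r"\$\s?(\d[\d,]*)")
FEE = re.compile(r"\b(?:send|pay|remit)\b[^.$]{0,40}\$\s?(\d[\d,]*)", re.I)

def advance_fee_indicators(raw):
    """Return the set of advance-fee indicators present in one raw RFC 5322 message."""
    msg = message_from_string(raw)
    body = msg.get_payload()  # single-part text message assumed
    name, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    hits = {tag for tag, rx in TEXT_RULES.items() if rx.search(body)}
    # Advance fee: a requested payment smaller than the largest sum promised.
    sums = [int(m.replace(",", "")) for m in MONEY.findall(body)]
    fees = [int(m.replace(",", "")) for m in FEE.findall(body)]
    if fees and min(fees) < max(sums):
        hits.add("upfront_fee")
    # Display name claims a brand the sending domain does not belong to.
    for brand, real in BRANDS.items():
        if brand in name.lower() and not (domain == real or domain.endswith("." + real)):
            hits.add("brand_mismatch")
    return hits

if __name__ == "__main__":
    print(sorted(advance_fee_indicators(SAMPLE)))
```

No single indicator is decisive on its own; a mail filter would weight the combination, with the upfront fee against a larger promised sum being the strongest signal.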

Google Gears is finally becoming useful

When Google first released the 0.1 version of their Gears browser plug-in back in May 2007, I thought for sure it would be only a matter of a few months before we saw web applications taking full advantage of an offline mode, maybe a year at max.  I think I may have grossly underestimated just how long the project would take to gain adoption, both from Google’s own applications as well as the rest of the Internet.

But even though adoption has been slow, more and more applications are gradually getting Gears treatments.

Today Google announced that Gmail can now be taken offline with Google Gears, meaning that you can now read and reply to your Gmail messages while you’re disconnected from the interweb, and have all of the email synchronize when you’re back online again.  There are still some bits of functionality that aren’t available in an offline mode – like the calendar, for example – but it’s a great start and about time.

Google Reader has offered offline support through Gears for some time now, and so has Google Docs.  WordPress, although not an application developed by Google, has featured Gears support for some time now.

It’s exciting to see so many powerful and rich applications available for offline use with Gears.  This could be one of those little things that Microsoft hears about and gets them a little bit nervous about the long-term future.  It’s probably far too early to make predictions about how much further web applications will go in replacing traditional desktop applications – and certainly there will always be some applications that will probably never be practical as web applications, like Adobe Photoshop for example.  But traditional “knowledge worker” applications – office productivity applications – seem like prime targets to be replaced by rich web applications.  Reliable and usable offline versions will likely accelerate the pace of innovation in these types of applications, as having an offline version will likely speed up end user adoption.  In other words, I think we’re hitting an inflection point where Google may consider a heavier investment in engineering and development of these tools.  Plus, Microsoft is planning a full web interface of their Office suite with the Office 14 release.  This could be the start of a new software war: the offline office suite war.

But I could be wrong.  As I said, I overestimated how quickly Gears would be adopted in the first place.  So we’ll see, I suppose.  My money is on Google for now, though.

Intellectual property and terms of service, part deux

Earlier this week I wrote about Google’s TOS (terms of service) which grant Google an irrevocable right over the content you post through their service.  I took a look at Twitter’s terms of service, and found a rather different story which I thought was worth mentioning:

We claim no intellectual property rights over the material you provide to the Twitter service. Your profile and materials uploaded remain yours. You can remove your profile at any time by deleting your account. This will also remove any text and images you have stored in the system.

This seems like the right way to go to make people comfortable about freely using the system to transfer ideas that may contain pieces of intellectual property.

Kudos to Twitter for the straightforward rules over content copyright.

Three good things about the economic downturn

Life always presents challenges.  But you don’t need to read that from me to know it’s true.  Without a doubt, we’ve all had our moments of feeling like we’re on the brink of total doom and permanent darkness.  But even in an economic climate like this, where we all grow weary of frequent news of companies slashing jobs, there are some positive benefits for all of us.

Once again, it’s worth noting that I am a die-hard optimist.  I’m not sure how that came about, but I think it’s just my nature – I can’t remember a time in my life where I didn’t think that at some point things would turn a corner and get better.  It seems to me that the problem with being perpetually negative is that you end up relishing the bad times – you enjoy when things go as badly as you thought because it means you were right.  I’m sure my optimism probably annoys people who subscribe to the doom-and-gloom prophecies of the future.  But even despite my continually, and admittedly perhaps frustratingly, positive outlook on the future, I think there are at least three extremely positive things about this economic downturn that are worth reflecting on:

  1. We’re no longer on a path of unsustainable consumption to the point of both environmental and societal collapse.  Most people, even the extremely wealthy, are taking a moment to think a little more than they used to about their purchases and their needs, as well as their own personal responsibilities.  Hopefully this will snap us out of the narcissistic self-entitlement complex that seems to have a strong grip on society, especially American society amongst those of us who fall into the Gen X and Gen Y category.  Having a strong economy, strong country, etc. is all very important.  And I do believe that the principles of capitalism are truly the only way to have a free and just society.  But we’re all humans, and we all deserve to be treated like humans.  There is no question that we all should be entitled to our own pursuit of happiness, but we also all deserve to be treated with full dignity and respect.  That means that none of us ought to feel more entitled than the other, regardless of current or potential economic status, religious beliefs, sexual orientation, gender or race.
  2. Almost everyone in the world is feeling and seeing the effects of this economic downturn.  It takes global situations like these to help remind us that we’re all a part of the same fabric.  Many of us have lived our entire adult lives in times of relative prosperity and wealth.  It’s hard for those of us with that perspective to empathize with those in less fortunate circumstances.  In both existential and economic terms, we’re inextricably linked to one another, and this worldwide environment helps remind us all of that.  Being reminded of this every so often helps put everything in perspective.
  3. The downturn can’t and won’t last forever.  There have been times in both American and world history where we have faced these kinds of challenges and overcome them.  Once the economy begins to recover, there will be an open opportunity for everyone to find their own path to prosperity.  Our careers, our daily work, even our perspective on what makes life a worthwhile experience may change, but there will be new opportunities.  It’s a good reason for us all to pay close attention to how things unfold over the next few months, perhaps even years: it’s not clear when or how the economy might recover, but when it does there will be exciting and lucrative possibilities for many of us.

Here’s to a better future for the world and humanity as a whole.  May it benefit us all.

Who really owns your intellectual property (IP) online?

When it comes to who actually owns the content you post online on your favorite social networking sites, the devil is in the details.

I happened across a great blog post from Chris Bucchere, founder and CEO of BDG – the folks behind The Social Collective.  In response to a post about Robert Scoble losing his Facebook account because it was mistaken for a spam account, Chris wrote:

If you think there are safer or better places than Facebook to put “your data” on the internet, you’re also mistaken. Take a peek at Google’s TOS. In particular, read section 11, where you hand over all rights to “your” content to them (except basic copyright, which you automatically have any time you produce an original work and put your name on it). You’re basically giving Google a free license to use your content — even for their own commercial gain!

For your reading ease, here’s the part of Google’s TOS in particular that Chris was referencing:

By submitting, posting or displaying the content you give Google a perpetual, irrevocable, worldwide, royalty-free, and non-exclusive licence [sic] to reproduce, adapt, modify, translate, publish, publicly perform, publicly display and distribute any Content which you submit, post or display on or through, the Services.

(Yes, Google’s TOS agreement does indeed include a misspelling of the word license.)

Chris goes on to point out that this is because Google intends to parse the content and make it available to advertisers so that they’ll know what advertisements to display to you.  The exact section of Google’s TOS doesn’t indicate that you lose any rights over the content that you enter.  You still retain an irrevocable license over it.  But it is clear that Google claims a right to reuse it as they need, and to transfer that right to anyone else.

This brings up an interesting scenario, although probably somewhat unlikely.  Imagine if you posted some great ideas about a product you were building on Google Docs, and you had no intention of disclosing this information to any of your competitors because it was so fantastic.  What would happen if Google either purposefully or accidentally stole that very idea and started building a competing site?  This gets into a legal area that I’m totally unfamiliar with, but would love to find an IP lawyer who might be able to work out the possibilities.  It would seem, though, that Google could make a claim that the work you posted was prior art, making any claim to a patent you might have (or be in the process of filing) void and null.

I’m no fan of software patents, though, but I am curious what might happen.

Oh, and remember that Google promised if they do use your ideas, you’ll at least get a shout-out on their blog.

Symantec unveils GoEverywhere SaaS security proxy beta

It wasn’t long ago that everyone was buzzing about web mashup tools.  They were supposed to be miraculous pieces of software that would be able to bring together different disparate web applications, built in any language, and smash them together into one uber-cool application.  Alas, the term mashup is now out of fashion – or at least I am trying to make sure that it is.  The new term is: bilkoid.  (I can’t take credit for the term bilkoid, though. The credit for bilkoid goes to Mr. Thomas Quigley of Oracle.)

Well, it just so happens that Symantec announced the beginning of a beta program for their new bilkoid engine, dubbed GoEverywhere.  Symantec is positioning GoEverywhere as a SaaS web security proxy solution.  There aren’t many details posted yet on their beta site, but GoEverywhere looks like a giant single sign-on web proxy that allows customers to stitch together web applications from several locations and include SSO, dual factor security, etc.

This doesn’t look quite as strong as the solution that BEA had, AquaLogic Ensemble.  It looks like GoEverywhere relies on a bunch of IFRAMEs to stitch together multiple sites onto one page.  BEA AquaLogic Ensemble, now Oracle WebCenter Ensemble, can perform the same type of functionality, but does it without using IFRAMEs.

It’s interesting to see Symantec position GoEverywhere as a security tool first and foremost.  This makes sense for Symantec, since their reputation is web security tools.  It’s also ironic, I think, that most Ensemble customers were also interested in Ensemble for the same reasons: web security (and policies, single sign-on, etc.), and less so about mashing up pieces of disparate applications.  Does this mean that mashups are really dead?  If so, long live the bilkoid.

Greetings to Australian readers!

I seem to have picked up a much larger share of Australian readers over the last few days, which is just fine by me – I love Australia.  In fact, my cat’s name is Sydney, named after the city of course.  Here she is with kitten cuteness overdrive mode engaged.

Be prepared for cuteness over 9000 …