[SecurityRatty] tag: mothers

"Interesting" Advert Placements On Facebook

Thu, 03 Jul 2008 14:45:10 +0000

I've had a few people mention "odd things" happening when trying to install an application on Facebook called "Gridview". Well, I decided to try it out. On the install screen, you see this:

Makes sense so far. Here's the install screen where you agree to let the application loose on your profile:

Click to Enlarge

Once done, you see the following screen and this is where it all starts to go a bit wrong:

Click to Enlarge

Note that the application is ALREADY installed by this point, because the Gridview icon is on your list of current applications (highlighted by the red box on the left).

However, top right (also highlighted) is a box made to look like a standard Facebook "continue" button. When installing the application for the first time, this caught me out too - I didn't notice the app was already installed and (naturally enough) clicked the "continue" button, thinking there was something else I needed to do to complete the installation.

Imagine my confusion, then, when I was suddenly presented by this:

Click to Enlarge

A page asking me to download "Mothers Day E-cards", via IAC (creators of Smiley Central, amongst other things). By this point, you've left the Facebook network completely and are sitting on a page served up by an advertising network - go back to the Facebook screenshot above and check out the URL at the bottom of the browser. That's the actual destination of the "Continue" button.

That's a pretty sneaky tactic, if you ask me.

What needs to be established is, who is responsible for the placement of the fake "Continue" button? Is it the creator of the application, or is it legitimate advertising space on Facebook being subverted in a rather creative fashion by an advertising agency promoting IAC products?

I've tried reinstalling the application a few times, and the graphic displayed sometimes changes to more overt "this is an advert" style banners leading to other sites offering similar downloads / offers. Other applications installed don't seem to display sneaky adverts like that in the same location, but every application install is somewhat different so that's not really a conclusive answer.

At any rate, be wary of what you click on when installing Facebook applications...

Sometimes danger lurks right under our nose.

Thu, 05 Jun 2008 18:23:00 +0000

When Executive Protecion Specialists think and speak about "Threat Assessment", they are usually focusing on a known or suspected danger that may prove life-threatening. Sometimes, that danger may already have made itself at home and is silently destroying lives and eating away at victims like a cancerous growth.

One such story was highlighted by the "Washington Post Magazine" on May 25th, 2008. It involved a young girl who had been molested and raped by her own father. A man who was something of a hero to many. A man who had walked side by side with Dr. martin Luther king and who was only a few feet away from the Civil Rights leader when he was assasinated. That man is James Bevel.

I had the pleasure of listening to Col. Dave Grossman speaking at UCLA last April. He was eloquent in his description of how young lives are taken and families estroyed by School killings. He also spoke about those who prey on the less suspecting. He equated it to the Wolves hunting down and eating sheep. Mr. Bevel appears to be one of those parasitic wolves.

For years he raped his little daughter, telling her it was something of an "experiment". In his mind, he didn't think that it mattered. His unfathomable belief (and apparently remains the same until this day) is that all women are prostitutes until they reach a certain age, when sex is set aside for procreation. This beleif allowed him to allegedly rape his eight year old daughter on many occassions.

His daughter, Aaralyn Mills, finally found the courage to step foward and contact the Police in 2005. She assisted the Leesburg authorities to tape record her conversation with her father. In that conversation, James Bevel admitted raoping his daughter and that it was part of a scientific process. Unfortunately, her mother, like many other mothers, did not want or couldn't face the truth. This gave the big, bad wolf all the space he needed to desecrate the little sheep.

Sadly, men like this are living throughout our communities. they come in all shapes, sizes nd colors. Some are Doctors, Community leaders, Priests, Police Officers, Electricians and Preachers. If you have been entrusted with the job of protecting an innocent lamb, be a strong and fearful sheepdog and protect your flock, with your very life if need be. Be brave like Aaralyn Mills. She stepped forward at this time in her life because her father who has many children with many different women has now a young daughter and her half-siter is afraid that he will rape her too.

The ID Divide

Wed, 04 Jun 2008 02:34:45 +0000

Yesterday the Center for American Progress published its paper on identification and identification technologies: "The ID Divide: Addressing the Challenges of Identification and Authentication in American Society." I was one of the participants in the project that created this paper, and it's worth reading.

Among other things, the paper identifies six principles for identification systems:

Achieve real security or other goals
Accuracy
Inclusion
Fairness and equality
Effective redress mechanisms
Equitable financing for systems

From the Executive Summary:

How can these principles be honored in practice? That’s where the "due diligence" process comes into play when considering and implementing identification systems. Due diligence in the financial world of mergers and acquisitions and other important corporate transactions is conducted before a company makes a major investment. Proponents of, say, a merger (or in our case, a new identification program) can err on the side of optimism, concluding too readily that the merger (or new ID program) is clearly the way to go. Thorough due diligence protects against such over-optimism.
In the pages that follow, we apply this due diligence process to some recurring technical problems with current and proposed identification programs. And we discover—as you’ll see toward the end of the report—that ID programs that rely on "shared secrets," such as Social Security numbers or your mother’s maiden name, are becoming more insecure due to the increased use of identification. Similarly, ID programs based on biometrics such as fingerprints or iris scans are not the "silver bullets" that some proponents claim they are, but rather could become compromised rapidly if deployed in haphazard ways.

We then apply our progressive principles and due diligence insights to two current examples of identification programs. The first details why it would be bad policy to require government-issued photo ID for in-person voting. The second shows the basically sound policy rationale for the Transportation Worker Identification Card, used for workers with access to security-critical port facilities. By examining one identification program that is reasonable, and one that is not, our analysis shows the usefulness of the Progressive Principles for Identification Systems.

I participated in the panel discussion announcing this report, along with Jim Harper (Director of Information Policy Studies at the Cato Institute).

Its Mothers Day, be thankful you have a mom to call - so do it.

Sun, 11 May 2008 10:47:04 +0000

Mothers Day is always a tough one for me. My mom passed away 25 years ago and though time has passed to cover up a never healed wound, every Mothers Day the scab is torn off a bit and the regret and pain ooze through. Having our kids celebrate Mothers Day with my wife has made it better, but nothing takes the place of your own Mom. Fred Wilson reminded me of that today with this post about a Tom Friedman piece in the NY Times today.

Tom just lost his mom last year after a long bout with dementia it seems. She was 89. Tom reflects on her remarkable life and how she influenced him to be what he is. Can any of us say any differently? Weren't all of our Moms special to each of us. Isn't so much of the people we are today directly related to that woman who raised and nourished us? Of course. So on this day honoring Mothers everywhere, if you are lucky enough to have your Mom available to thank, do so and don't miss the chance because you never know when you might not be able to.

Happy Mothers Day Bonnie and to all of you mothers everywhere!

Mothers, let your sons grow up to be hedge fund managers

Wed, 16 Apr 2008 05:07:25 +0000

When I was a kid it was fashionable to think that your mother wanted you to grow up and be a doctor, a lawyer or some other such professional. A policeman or fireman was dangerous, a sanitation worker did not have much prestige. By the time I was in college, the smarter kids were going to work on Wall Street, instead of going to medical or law school. Later during the dot com bubble, many of the best and brightest were siphoned off from Wall Street to go into technology. It is obvious that bright young adults are going to follow the money. Well if that is the case, there is no alternative but to grow up and become a hedge fund manager according to this article in the NY Times today.

Several of the most successful managers made over 3 billion dollars each last year alone! That is not that their companies cleared 3 billion, they themselves made 3 billion. In fact to make it to the list of the top 25 hedge fund managers in terms of compensation you had to earn at least 360 million dollars last year alone. Think about that in terms of the median American family income was $60,500.00 dollars last year. So ask yourself, what are you doing securing networks or whatever you do. Stop wasting your time and go get into the hedge fund business.

Seriously, think about it. Hedge funds don't manufacture or make anything, they don't sell a product per se. They manipulate money and make bets on what will go up or down. Sort of the ultimate riverboat gamblers. They aren't teaching our kids to be better people, they aren't making the world safe or making the environment better. But the rewards for what they are doing are almost beyond belief. What message does this send as a society? When I see companies that won't spend a couple of dollars to make sure that your confidential information remains confidential and than see these kind of numbers, what does this society value?

But who am I to rain on the parade of these Titans of Wall Street. I am going to go home and start working on my sons to think about thier future. Like they told Dustin Hoffman in "The Graduate", just one word - ~~Plastic~~ HedgeFund!

Inane security questions

Mon, 18 Feb 2008 20:07:19 +0000

I am the trustee of a small pensions scheme, which means that every few years I have to fill in a form for The Pensions Regulator. This year the form-filling is required to be done online.

In order to register for the online system I need to supply an email address and a password (”at least 8 characters long and contain at least 1 numeric or non-alphabetic character”). So far so good.

If I forget this password, I will be required to answer two security questions, which I get to choose from a little shortlist. They’ve eschewed “mother’s maiden name”, but the system designer seems to have copied them from Bebo or Disney’s Mickey Mouse Club:

Name of your favourite entertainer?
Your main childhood phone number?
Your favourite place to visit as a child?
Name of your favourite teacher?
Your grandfather’s occupation?
Your best childhood friend?
Name your childhood hero?

Since most pension fund trustees, the people who have to provide good answers to these questions, will be in their 50’s and 60’s, these questions are quite clearly unsuitable.

I’ve gone with the last two… each of which turn out to be different from the password, but the answers, weirdly enough, are also at least 8 characters long and contain at least one numeric or non-alphabetic character!