Janet Napolitano Gives The Wrong Answer

No! The correct answer is, “Yes, this was a failure. We shouldn’t be letting known threats carrying explosives on airplanes. I am very upset. This will be fixed immediately.”

I really didn’t want to write about security and the Delta Detroit incident but then Janet Napolitano, secretary of Homeland Security, appeared on Sunday morning TV. She delivered one of the most stupefyingly insipid comments I’ve ever heard–an insult to America.

This week’s suicidal crazy used the same chemical, PETN, shoe bomber Richard Reid used!. That led David Gregory on Meet The Press to ask if this was a security failure. Napolitano answered:

SEC’Y JANET NAPOLITANO: Well, I think we don’t know enough to say one way or the other in that respect. The forensics are still being done, the investigation is still underway. I think the important point here is that once the incident occurred, everybody reacted the way they should; the passengers did, the flight crew did. And literally, within an hour, additional measures had been instituted not only on the ground here in the United States, but abroad and, indeed, on the 128 flights that were already in the air from Europe.

No! The correct answer is, “Yes, this was a failure. We shouldn’t be letting known threats carrying explosives on airplanes. I am very upset. This will be fixed immediately.”

We got none of my answer.

We are trying to protect targets when it seems more manageable to find threats.

You Get What You Pay For–News Version

Helluva scoop if it were only true.

The big buzz in media (all media, not just TV) is user created content. It’s free–what’s not to like?

From CNN’s iReport–“Steve Jobs was rushed to the ER just a few hours ago after suffering a major heart attack. I have an insider who tells me that paramedics were called after Steve claimed to be suffering from severe chest pains and shortness of breath. My source has opted to remain anonymous, but he is quite reliable.”

Helluva scoop if it were only true. I’ll let a professional writer pick it up. This is from the Washington Post.

A false Internet report that Apple’s Steve Jobs had suffered a heart attack briefly slammed his company’s stock and raised fresh questions about the delicate relationship between traditional and new media.

The posting on iReport.com — a citizen journalist site owned by Time Warner’s CNN — is the most recent incident in which a faulty online report created brief, but wrenching, confusion among investors.

Apple quickly denied the report about its chief executive, but not before its stock dropped more than 2 percent, hitting a 17-month low of $94.65. It later recovered, climbing as much as 4 percent, before closing at $97.07, down 3 percent for the day.

CNN has tried to distance itself from the iReport site and its ‘reporters’. That’s going to be tough. It’s CNN’s cred that keeps the site active. In the last month CNN used nearly 1,300 iReport submissions which encourages even more participation.

Having journalism performed by actual journalists doesn’t guarantee accuracy, but it seems to be a step in the right direction when you supervise the reporter and he/she is answerable. Citizen journalists are not. Actually, that’s not totally true as the Steve Jobs heart attack citizen journalist might be answerable to the SEC.

Last September I wrote about my upset with Fox News ‘assigning’ a story to viewers. I didn’t say it was FNC but why hide it.

[T]oday I also watched an instance of what I don’t want to see with cellphone video. I’m not going to say which cable network it was, because I can’t find anything about it on their website, and it just might be ‘freelancing’ by a producer or anchor.

The anchor showed a still from an air show, mentioned where one was taking place today, and asked for viewer video. Uh… isn’t that why they have reporters and camera crews?

I understand getting video of spot news, unanticipated events, from viewers. This is totally different. This is an assignment. I’m not even sure a business can legally ask people to work for free, can they?

Regardless, it bothers me.

It still bothers me.

Intrigue With The Missing Car

There must be a way out, I thought. Tonight I drove by the scene of the ‘crime’ looking for anything that might be helpful… and there it was.

The cost for the ticket and tow Stef acquired this afternoon was $127. It upsets me. There must be a way out, I thought. Tonight I drove by the scene of the ‘crime’ looking for anything that might be helpful… and there it was.

The “NO PARKING” sign is mounted on a pole closer to five than six feet above the sidewalk. I consulted the Connecticut State Traffic Commission Regulations.

Sec. 14-298-514 Height

(b) In business, commercial and residential districts where parking and/or pedestrian movement is likely to occur or where there are other obstructions to view, the clearance to the bottom of the sign shall be at least 7 feet. The height to the bottom of a secondary sign mounted below another sign may be 1 foot less than the appropriate height specified above.

Tomorrow I’ll make some measurements and take some photos. I’m pretty sure the ticket is invalid because the warning does not conform to the regs. How I get the tow fee back is another story. It can be done. I just need to figure out how.

Playing lawyer is fun–undoubtedly, more fun than being one.

Pump And Dump

I probably get more spam than you. My address is plastered on thousands of web pages visible across the Internet. It is, literally and figuratively, ripe for the harvesting.

Without the spam protection provided by Thunderbird, my email client, I’d be lost&#185. I still browse my spam box to make sure nothing I want is there, but it takes much less time since I already know it’s probably garbage.

Over time the spam has changed. I don’t get as much porn spam as I once did. I still get lots of meds for losing weight, gaining virility and recovering fortunes squirreled away by African despot’s aids.

More than anything, I get ‘pump and dump’ stock spam. This form of email garbage has exploded in recent months.

In case you haven’t seen these, here’s the text from one I got three dozen times this weekend:

Our picks bring our readers BIG gains! Why? Because we present well-researched, quality companies backed by promotions which have

the ears of investors around the globe. When you have GREAT product

and unrivaled PR you get super gains! This one is just what your

portfolio needs:

The Name of Company Promoted, Inc.

Symbol: XXXX

Current Price: $0.96

Projected Price: $3.20 (330% gain)

XXXX is has an incredible business model in a booming sector. Look

around you. Everything is being standardized and franchised. XXXX

is a company specializing in the development and expansion of proven

independent restaurant concepts into multi-unit locations. Business has

been booming!

A huge publicity campaign is beginning and will be supported by some

astounding press releases. It is imperative to get in before the first big

announcement. Readers, this is a big one. Don’t miss this chance!

Three dozen of these!

I know that because they all have similar subject lines, making them easier to segregate. Though they’re sent from random names, spam ‘from’ Gladys Jones would have the subject, “It me Gladys.” Spam from Geoff Fox says, “It me Geoff.”

My beef isn’t that there’s spam going out (that’s a separate beef), or even spam with poor grammar. My beef is the SEC is either powerless or unwilling to do anything about this. Can’t they make connections on who is in and out of these thinly traded stocks?

As long as these spams exist, they call into question the integrity of our markets. Yes, these may be small players, participating in relatively minor crimes, but they reflect on our financial system as a whole.

When Rudy Giuliani became mayor of New York, he quickly went after “quality of life” crimes. They were mostly small nuisances.

Google, Easy As Pi

I just got this email from my friend Wendie:

go find the EXACT number of new shares of stock that google will be

selling in its secondary offering announced today.

tell me what it reminds you of.

w

So, I did.

Google Inc. Files Registration Statement with the SEC for a Proposed Public Offering

MOUNTAIN VIEW, Calif. – August 18, 2005 – Google Inc. (Nasdaq: GOOG) announced today that it has filed a registration statement with the Securities and Exchange Commission for a proposed public offering by the company of 14,159,265 shares of Class A common stock.

Get it?

It’s as easy as Pi (also known as &#028), which is 3. 14159265

Sometimes, ya’ just gotta love Google.

Blogger’s addendum: I almost forgot. The number of shares shouldn’t be a surprise. After all, Google is named after a number. A “googol” is 1 followed by 100 zeros.

The Scariest Type of Spam

I got an email this evening from Bank of America. My email client at work, Mozilla for Linux, brought it right to me. At home, Popfile thought it was spam.

Dear valued Bank of America Customer!

As part of our continuing commitment to

protect your account and to reduce the instance

of fraud on our website, we are undertaking a

period review of our member accounts. You are

requested to visit our site by following the link

given below. This is required for us to continue

to offer you a safe and risk free environment to

send and receive money online, and maintain the

Bank of America Experience. After verification you will be

redirected to the Bank of America home page. Thank you.

http://www.bankofamerica.com/state.cgi?section=generic&update=&cookiecheck=yes&destination=nba/signin

Copyright 2003 Bank of America Corporation. All rights reserved.

That’s what it looked like – but looks can be deceiving. The link to www.bankofamerica.com was really just text. The actual web link, hidden in the source code of the email, was different (I’m going to change a few characters so it will show up here, as it is specifically formatted to be invisible!&#185):

http://www.bankofamerica.com %01%01%01%01%01%01%01%01%01%01%01%01%01….. %34:%38%30/%77%77%77/%62%6F%61/%73%74%61%74%65%5F%63%67%69%2E%70%68%70

So, what have we here? It’s an exploit, taking advantage of the way Internet Explorer (and possibly other browsers) treat what they see. You’re not being sent to a Bank of America website but actually:

http://www.bankofamerica.com/state.cgi?section=generic”>http://www.bankofamerica.com +stuff_snipped+

@211.23.65.84:80/www/boa/state_cgi.php”>http://www.bankofamerica.com/state.cgi?section=generic

In other words, the info you see is treated as if it were a username or password and the real destination is a directory on 211.23.65.84. That IP address, 211.23.65.84 is nothing out of the ordinary. Every website has a numerical address hiding behind its URL. This site, www.geofffox.com, is really 66.225.220.189.

So, who is 211.23.65.84? It’s a website, hosted by Chungwa Telecom Co, Ltd.

netname: HINET-TW

descr: CHTD, Chunghwa Telecom Co.,Ltd.

descr: Data-Bldg.6F, No.21, Sec.21, Hsin-Yi Rd.

descr: Taipei Taiwan 100

country: TW

Are you confused yet?

Let’s get very simple. Someone sent out emails, looking like they were coming from Bank of America, asking people to log in and provide account details. What looked like a Bank of America website was really a website located in Taiwan.

The normal user of this IP address is Spectrum Research and Testing Laboratory, Inc. More than likely, they had no clue what was going on, and one of their computers had been hijacked for this exploit.

What’s even stranger is that the actual email was mailed from a Comcast home customer! It’s possible that the Comcast subscriber was a conspirator, but more often than not some piece of ‘malware’ has invaded that home machine and it’s now a ‘zombie’ doing the bidding of these potential identity thieves!

It just sounds too weird, doesn’t it? But this kind of stuff is going on all the time! Many people, maybe most people, who get this kind of email will bite and enter their info. Everything looks legit. Everything seems on the up-and-up.

As of this evening, the site mentioned in the email is down. How many user names and passwords were gotten before it was stopped? Your guess is as good as mine.

Catching the crooks is going to be tough. The miscreants who devised this probably aren’t in Taiwan, or using a Comcast cable modem. They could be anywhere in the world, getting ready to go on the shopping spree of a lifetime. On the Internet, there’s really no difference between Brooklyn or Bulgaria or Buenos Aires.

This is the cancer that has invaded the Internet. I have mentioned this before, but it bears repeating. The Internet in general, and email in particular, will become devalued unless a method is devised to accurately verify who is the sender. This will mean a total reconfiguration of email protocols – but it’s got to be done. And, it’s got to be done sooner rather than later.

Tonight, there’s someone, somewhere, who suddenly has the money to mount the research into writing that new email protocol – but that’s the last thing he wants.

I could not have begun to tell this story without the help of Spamcop and SamSpade. Both are top notch in getting to the bottom of spam.

&#185 – (01-10-04 3:33 PM) I just got a call from Mike, at the Cingular Store, who was reading my webpage. It seems even including the altered code from this email was enough to set off McAffee Virus Scanner! I have changed the code again and McAffee now passes it. This just goes to show how nefarious these ‘phishing’ emailers are!