Posts tagged: RISKS

Like every other web site/service/app/community/thingy that allows individual user contributions, there’s spam on Delicious too. The perp I came across today was “mcloan” – check the page out for yourself – and there are many more. Fred Stutzman has a good post on the subject, and I came across an exchange with naive Delicious spammers on Brian Dear’s weblog from last year.

But what’s Delicious/Yahoo doing about this? Where’s the Craigslist-style “flag this user as a spammer” button?

Feedback sent to Technorati today:

Please, I beg you, kill those talking “SitePal” ads. I keep my PowerBook plugged into an amplified speaker setup all day, and when the “Pal” begins talking after having been displayed for X seconds (without me so much as mousing over it, I’m pretty sure), it’s heinous. And embarrassing if anyone is within earshot.

In case you haven’t been following this mini-saga – about two security researchers, an alleged MacBook wireless security vulnerability, and a writer from the Washington Post – here’s your study guide.

The original story at blog.washingtonpost.com (does the “blog” part mean we should lower our journalistic expectations?) has the unassuming title of “Hijacking a MacBook in 60 Seconds.” An alternate, more descriptive title is “Hijacking a MacBook via a Third-Party Wireless Card that Nobody Would Ever Use, in 60 Seconds, and Also Allegedly Hijacking it via the Built-In Card that Everybody Uses, But Wait, Maybe Not, Sorry, We Can’t Talk About That.” You can see why they went with the shorter title.

This actually happened two months ago.

I learned of my achievement via a mail administrator wondering why thousands of pieces of mail (spam, it so happened) getting forwarded to my GMail account were bouncing back. The bounce messages didn’t say “mailbox full” or “user exceeded quota” or anything like that, so even I didn’t know what was going on at first.

So, there’s a bit of a stink brewing about Comcast’s SMTP blacklist. Once again, Comcast decided to block mail forwarded from the Well to Comcast addresses, and they have been raising similar havoc elsewhere. Nothing gets people pissed off like messing with their email.

It’s possible that Comcast’s admins are well-intentioned, but it’s also possible that this is part of a business strategy to push people from small ISPs (who sporadically get blocked by Comcast) to Comcast itself (which happens never to get blocked by Comcast).

So, a serious security hole in Rails was announced this week. There’s a lot of bashing going on about “security through obscurity.” I’ve always understood STO as sustained secrecy about known (or possible) vulnerabilities, which seems different from the Rails team’s provisional waiting period between the initial announcement and the full disclosure. (And the patches themselves told the story, for those familiar with the source.)

Not that there weren’t legitimate problems with their patch release process. They definitely made mistakes they can learn from.

A story on Slashdot notes that Yahoo is now selling one (yes, one) MP3 without digital rights management shackles. The best comment I saw:

This isn’t a marketing ploy to pretend to be anti-DRM when they are not, and this is not being done because they “want to work on other stuff”. This is being done because DRM free music is the only way Yahoo and company can break into the monopoly iTunes has over the iPod, which itself has a near monopoly on MP3 players.