Tuesday, January 30, 2007

Credit card scammers: the story continues

In late 1998 I was one of thousands defrauded in the $40 million Netfill credit card scam. I wrote up a web page, helped track down the baddies, was even on Japanese TV. My fame was very minimal and very fleeting, but the problem didn't go away. A system that was designed for person-present brick-and-mortar transactions has deep flaws on the web, but, absent legislation, banks have very good business reasons not to fix things.

Reading this Wired News story brings back old memories ...
Wired News: I Was a Cybercrook for the FBI

... The full scope of the problem is hard to judge, but nonetheless staggering. U.S. banks lost $546 million to debit card fraud in 2004, according to banking research firm Dove Consulting, and credit card fraud losses were estimated to be about $3.8 billion globally in 2003 according to The Nilson Report. The Federal Trade Commission estimates that 10 million Americans are victims of identity theft each year. The financial impact of identity theft remains untold.
That's a lot of losses, and I bet less than half of the losses are ever detected, so total unrecovered losses to consumers are probably about equal to this number. In addition, outside of North America, banks are notoriously bad at covering losses, so any number based on bank losses is really an underestimate. Speaking of unresponsive financial services ...

The Schwab [brokerage] case illustrates a running theme in Thomas' dealings with the FBI. Although Thomas says he provided his handlers at the Seattle FBI with logs depicting desertmack's scheme, the bureau apparently never acted on that information -- the Oregon FBI only learned of the theft because Campbell, the victim, reported it himself after it occurred. "If we had left it up to Schwab, they might never have gotten the FBI involved at all," Campbell says...

Schwab, too, was less than responsive. Campbell got his money back from the company only after several calls to the firm pointing out the obvious security flaws in a system that failed to flag a wire request made on an account a day after contact information on the account was changed. "Schwab was pretty bad with customer service," Campbell says. "For a long time they wouldn't tell me they were going to take responsibility for it and return (the money)." (Schwab had no comment).

The Terrifying Toothpick Fish - I'll take the hungry shark please

Damn Interesting: The Terrifying Toothpick Fish. A disaster for the fish of course, but not so good for the human either. Most of us would prefer to take our chances with a hungry shark.

Monday, January 29, 2007

Revolution Health: an onerous linking policy

If you sign up to try Revolution Health (AOL Case’s project), including its personal healthcare record (PHR), you are legally committing yourself to obey their linking policy. Emphases mine:

Terms of use and service - Revolution Health

... 4. Linking To This Website

Unless you have a written agreement with us that specifies how you may link to the Site, following are the rules for adding a link to the Site from your website:

* The link must be a text-only link clearly marked "www.revolutionhealth.com"
* The link must "point" to www.revolutionhealth.com and not to other pages within the Site
* The appearance, position and other aspects of the link may not be such as to damage or dilute the goodwill associated with Revolution Health good name and trademarks
* The appearance, position and other aspects of the link may not create the false impression that an entity is associated with, sponsored by, or endorsed by Revolution Health
* The link, when activated by a user, must display the Site full-screen and not within a "frame" on the linking website and linking may not trigger any interstitial or pop-up or pop-under windows
* The link may not be used in connection with or appear on a website that a reasonable person might consider offensive, obscene, defamatory or otherwise malicious
* We reserve the right to revoke consent to the link at any time in our sole discretion. If we revoke such consent, you agree to immediately remove and disable any and all of your links to the Site ...

I wonder how standard such a linking policy is. I think the middle four requirements are fine, but the bolded ones, especially the last, are onerous. It doesn’t mean you can’t say anything nasty about them of course, you just have to remove the link on their request.

The contract required to establish a "My" account is long and complex. A lawyer would tell you not to sign without an expensive legal evaluation ...

NY Mayor Bloomberg is an ass

New York's Mayor is an ass:

The City That Never Walks - New York Times

... In December, the police say, a bicyclist was killed on the Hudson River Greenway by a drunken driver speeding along a bike lane that was completely separated from the road. Asked what was being done to improve safety in light of the biker’s death, Mayor Michael Bloomberg suggested that bikers “pay attention.”

“Even if they’re in the right, they are the lightweights,” he told a reporter.
A marvelously revealing statement.

Sunday, January 28, 2007

Lest we forget: how Microsoft used to do business

I've heard similar stories from others. Tim Bray is a respected source. In the days of its ruthless ascent to omnipotence Microsoft behaved like the modern GOP:
ongoing · Life Is Complicated

... in 1997, I was sitting on the XML Working Group and co-editing the spec, on a pro bono basis as an indie consultant. Netscape hired me to represent their interests, and when I announced this, controversy ensued. Which is a nice way of saying that Microsoft went berserk; tried unsuccessfully to get me fired as co-editor, and then launched a vicious, deeply personal extended attack in which they tried to destroy my career and took lethal action against a small struggling company because my wife worked there. It was a sideshow of a sideshow of the great campaign to bury Netscape and I’m sure the executives have forgotten; but I haven’t...

The blog is an incredible thing. Irrefutable evidence.

It's less common now, but once upon a time morons with column inches would rant about the vacuity of the blogosphere. This was invariably a sign of a journalist who'd earned their inches by chance, blackmail and flattery rather than skill and insight.

It's rare now, but, even so, it's handy to keep examples like this at hand. It will shut down even the dullest mouth:
Daniel | Cosmic Variance:

... I am delighted to announce the addition of another new member of the Cosmic Variance team. Daniel Holz is a Richard Feynman Fellow in the theoretical astrophysics and particle physics groups at Los Alamos National Laboratory, working on the interplay between general relativity, astrophysics, and cosmology. Dan is a particular expert on gravitational lensing and gravitational waves...
This is the golden age of journalism ...

Saturday, January 27, 2007

Elbow pads and snowboarding

If you're over 45 and given the choice between a slow painful death and snowboarding lessons, I highly recommend elbow pads. I came up with this on my own, using a pair of $30 hockey pads. I am typing now only because of those pads.

True, it takes some serious geekiness and a rock solid ego to wear elbow pads over your snow jacket, but a hockey jersey makes it look even weirder. I recommend both.

The pads have not only saved my elbows, but they make it much easier for me to fall on my forearms and protect my wrists. They even reduce impact force transmitted to the humerus, thereby sparing my shoulders a bit.

I was proud of my own invention, until it occurred to me that someone else must have thought of this. Google revealed you can buy official snowboarding elbow pads. Hmmphh. These are puny compared to my hockey pads -- they do nothing to pad the forearm. Forget these and buy the hockey gear.

Update 1/28/07: After, or even before, the repetitive falls on icy snow produce disabling back pain, consider Crash Pads 2600 power underwear.

Friday, January 26, 2007

Higgs?

A particle physicist dares to speculate that his team has spotted the Higgs boson. Odds are this is a false alarm, but there's a decent chance it's real. Readers of Cosmic Variance have a ringside seat. Either we'll see the pain of everyday science or the joy of a momentous discovery.

The comments are quite good.

How to hack a human: start with the insula

Say you want to hack a human. You want to alter what they love, what they hate, what they want. You probably start with the insula:

In Clue to Addiction, Brain Injury Halts Smoking - New York Times

... The patients’ desire to eat, by contrast, was intact. This suggests, the authors wrote, that the insula is critical for behaviors whose bodily effects become pleasurable because they are learned, like cigarette smoking.

The insula, for years a wallflower of brain anatomy, has emerged as a region of interest based in part on recent work by Dr. Antonio Damasio, a neurologist and director of the Brain and Creativity Institute. The insula has widely distributed connections, both in the thinking cortex above, and down below in subcortical areas, like the brain stem, that maintain heart rate, blood pressure and body temperature, the body’s primal survival systems.

Based on his studies and others’, Dr. Damasio argues that the insula, in effect, maps these signals from the body’s physical plant, and integrates them so the conscious brain can interpret them as a coherent emotion.

The system works from the bottom up. First, the body senses cues in the outside world, and responds. The heart rate might elevate at the sight of a stranger’s angry face, for example; other muscles might relax in response to a pleasant whiff of smoke.

All of this happens instantaneously and unconsciously, Dr. Damasio said — until the insula integrates the information and makes it readable to the conscious regions of the brain.

“In a sense it’s not surprising that the insula is an important part of this circuit maintaining addiction, because we realized some years ago that it was going to be a critical platform for emotions,” Dr. Damasio said in a telephone interview. “It is on this platform that we first anticipate pain and pleasure, not just smoking but eating chocolate, drinking a glass of wine, all of it.”

This explains why cravings are so physical, and so hard to shake, he said: they have taken hold in the visceral reaches of the body well before they are even conscious. ...

Between the cortex and the subcortex, a processor that translates sensations into emotions, wants, feelings. Humans will do bad and good things with this.

Thursday, January 25, 2007

The NeXT Years: Steve Jobs

Holy cow. The NeXT Years: Steve Jobs is not exactly the CEO story one reads in the Harvard Business Review. It's a raw mess of chaos, brilliance, randomness and mass delusion that somehow produced a vast amount of wealth -- for someone. Even Canon might have got a bit of their NeXT investment back.

The article is all about Jobs, who is both appalling and fascinating in roughly equal measures. It's obvious there are some other very important minds that are doing the real work under the radar, but their stories are probably less scandalous.

Despite himself, Jobs ends up being inspirational. He was despised, discarded and abandoned, but he kept coming back. It's a story worth remembering when misfortune strikes; it's truer and more useful than the usual fraudulent tales of CEO perfection.

I wonder what Jobs' parents make of him ...

All DeLong all the time: Egregious Moderation

Can someone tie Brad DeLong down before he exhausts the rest of us? In addition to his personal blog and shrillblog, he's now launched ...
Egregious Moderation

...An egregiously moderate forum: for people who want one online source for punchy liberal analysis and evisceration; especially evisceration...
He reads voraciously, writes incessantly, and is widely believed to be a full-time professor and productive economist. One theory is that he's an early experiment in shared-consciousness clonal breeding.

I need to create a "DeLong" category in my bloglines feed...

Wednesday, January 24, 2007

Why I didn't renew my Harvard Business Review subscription

HBR did one of their typical slavish portraits of Robert Nardelli a few months back...
101 Dumbest Moments in Business | 41 | Business 2.0:

... Dodging investors angry over the pay received by Home Depot chairman and CEO Robert Nardelli, who took home at least $120 million over five years as the company's stock price dropped 12 percent, Home Depot's board fails to show up at its annual shareholders meeting.

The session is presided over solely by Nardelli, who sidesteps all questions ('This is not the forum in which we would address your comment') and cuts the meeting short after half an hour. The event's negative fallout, highlighted by demonstrators wearing chicken costumes and orange Home Depot aprons, leads Nardelli to announce days later that, for next year's meeting, 'we will return to our traditional format ... with the board of directors in attendance.'

Nardelli resigns in early January, walking away with another $210 million in severance.
I dropped my HBR subscription last fall. HBR is the opiate of the powerful.

BTW. The CNN 101 Dumbest Moments in Business is quite good.

Even Robert Reich had something nice to say about Bush

I'm a Robert Reich fan. I know Reich is no more likely than I to say nice things about Bush. Like me, however, he was impressed by one Bush proposal...
Robert Reich's Blog

...the only halfway interesting thing about the President's underwhelmingly platitudinous State of the Union speech was his health care proposal. It deserves one cheer for the following reason: It potentially de-couples health care from employment.

Under his proposal, everyone would be eligible for a tax deduction for health insurance up to $15,000 per family, $7,500 for a single person – regardless of whether the insurance is provided by the employer or purchased elsewhere. And there would no longer be any advantage to getting it at work because employer-paid premiums would be included in taxable income.

Get it? With this plan, you can just about kiss employer-provided health insurance good-bye.
And good riddance. It’s the biggest tax break in the whole federal tax system, costing the Treasury some $130 billion a year. But you’re not eligible for it when you and your family are most likely to need it – when you lose your job, for example. And the biggest beneficiaries are upper-income employees. The lower your pay, the less likely you are to get any employer coverage at all.

The current employer-based system doesn’t cover the self-employed – the largest and fastest-growing category of worker. And it creates perverse incentives. It encourages employers to seek out young, healthy employees who are unlikely to have health problems; reject older ones; and push married employees onto their spouse’s employer’s plans...
I still think Bush and his minions would screw this up if they ever really tried to implement it, but I'm with Reich. Any healthcare reform plan that doesn't separate employment from health insurance should be abandoned.

Microwave sponges: two minutes on full

Health concerns aside, you can save money on sponges ...
Microwaves turn kitchen cloths into germ killers | the Daily Mail

...Two minutes of microwaving on full power mode killed or inactivated more than 99 per cent of all the living pathogens in the sponges and pads.

The Bacillus cereus spores required four minutes for total inactivation.

Professor Bitton said the heat, rather than the microwave radiation, was the most likely cause of death for the pathogens. As the microwave works by exciting water molecules, it is better to put wet rather than dry sponges or scrub pads into the oven.

... Cooks should microwave their sponges every other day, he suggested.

The warm, damp environment of kitchen cloths is the ideal breeding ground for microbes.

In the right conditions one bacterium can multiply to more than four million in just eight hours. This can make them up to 200 times more infested than a lavatory seat.

Monday, January 22, 2007

Spam: state of the art report

MSNBC's Rob Sullivan has a spam report. The numbers are indeed staggering. I wonder what percentage of net traffic is made up of "high grade" material -- excluding spam, porn, illegal file sharing etc. I'm guessing it's in the 20-30% range overall. A surprising amount of net traffic now is file sharing, and it's widely believed that almost all of that (by volume) is copyrighted material. Emphases mine.

... Not long ago, there seemed hope that spam had passed its prime. Just last December, the Federal Trade Commission published an optimistic state-of-spam report, citing research indicating spam had leveled off or even dropped during the previous year.

Instead, it now appears spammers had simply gone back to the drawing board. There's more spam now than ever before.

In fact, there's twice as much spam now as opposed to this time last year... About half of all spam sent now is "image spam," containing server-clogging pictures that are up to 10 times the size of traditional text spam. And most image spam is stock-related, pump-and-dump scams which can harm investors who don't even use e-mail. About one-third of all spam is stock spam now.

... There are 62 billion spam messages sent every day, IronPort says, up from 31 billion last year. Now, spam accounts for three of every four e-mails sent, according to another anti-spam firm, MessageLabs.

Image spam is a big part of the resurgence of unwanted e-mail. By using pictures instead of words in their messages, spammers are able to evade filters designed to detect traditional text-based ads. New computer viruses have contributed to the uptick, also, particularly a surprisingly prolific Trojan horse program called "SpamThru" that turns home computers into spam-churning "bots."

... Stock spam is effective because no Web link is required, Cluley said. In old-fashioned spam, criminals generally try to trick recipients into clicking on a link and buying something. Many e-mail programs now block direct Web links from e-mails, rendering click-dependent spam much less effective. But stock messages merely have to make the recipient curious enough about a company to motivate him or her to buy a few shares through a broker.

There is another element that helps perpetuate stock spam, Stark said – he believes speculators unrelated to the original spam sometimes try to “play the momentum” surrounding a spam campaign – either getting in early on a pump-and-dump campaign to profit as shares rise, or by “shorting” stocks, betting that they will fall after the spam campaign flames out.

...

Image spam, which seems not inseparable from stock spam, can arrive entirely devoid of text, but that’s not common. Most messages have what appears to be nonsense text pasted above and below the image. Experts call this "word salad," or "good word poisoning." ...

... The word jumble is generally borrowed from news headlines or classic books like Charles Dickens' “David Copperfield,” the text of which are often available online. The seemingly random text actually serves an important purpose -- to foil or confuse word-based spam filtering.

... Spammers continually refine and combine their techniques, said Doug Bowers, senior director of anti-abuse engineering at Symantec. The firm recently found spam attached to legitimate newsletters that appear to be from big companies, including a Viagra ad atop a 1-800-Flowers e-mail newsletter and another on an NFL fantasy league letter. Such e-mails are simply spam masquerading as authentic, with real content borrowed from legitimate companies. They are similar to phishing e-mails, and so are much more likely to be opened by recipients than traditional spam, Bower said...

Natural selection is causing spam to evolve very quickly. We're recreating biological evolution at a frenetic pace. Defense requires more complex algorithms, which lead quickly to more complex attacks. Maybe every technological civilization succumbs when its spam becomes sentient ...

The stock tip churn process may work for quite a while. It will eventually become a contest between spammers and speculators, with each speculator hoping they can hop off fast enough before the "house" calls the game. Of course the spammers will always know more, so they'll always come out ahead. Some speculators will win too, so it will be a lot like going to the casino. In time the spammers will learn to keep the game interesting.

My favorite spam fighting technique, the reputation management of authenticated sending services, works even against spambots. I think this is what Google is doing now, even though they're very quiet about it.
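As an added illustration of the two points above, the "good word poisoning" the MSNBC piece describes and the sender reputation I prefer (example code written for this post, not from the article or from any filter it names): a toy word-based Bayesian filter trained on a constructed six-message corpus flags a stock pitch, the same pitch padded with words common in ordinary mail slips under the threshold, and a reputation prior from the authenticated sending domain's constructed history (hypothetical domains) restores the catch when the source is a known spam emitter without overriding the content score for a trusted sender.

```python
import math
from collections import Counter

# Constructed training corpus (not from the article): three stock-spam
# pitches and three ordinary personal/work messages.
SPAM = [
    "hot stock alert buy shares now huge gains expected this week",
    "stock pick explosive growth buy now before shares climb",
    "penny stock shares ready to rocket buy today",
]
HAM = [
    "meeting moved to thursday please bring the quarterly report",
    "thanks for the photos from the weekend the kids loved the beach",
    "can you review the draft chapter before friday",
]
# Constructed reputation history, (spam seen, ham seen), keyed by the
# authenticated sending domain; hypothetical domains, unknown senders get none.
SENDER_HISTORY = {
    "bulk-mailer.example": (98, 2),
    "colleague.example": (2, 98),
}


def tokens(text):
    return [w for w in text.lower().split() if w.isalpha()]


class TokenFilter:
    """Naive Bayes over words, Laplace smoothing, equal class priors."""

    def __init__(self, spam, ham):
        self.spam_counts = Counter(w for m in spam for w in tokens(m))
        self.ham_counts = Counter(w for m in ham for w in tokens(m))
        self.spam_total = sum(self.spam_counts.values())
        self.ham_total = sum(self.ham_counts.values())
        self.vocab = len(set(self.spam_counts) | set(self.ham_counts))

    def content_log_odds(self, text):
        # Sum of log P(w|spam) - log P(w|ham) over every word; each "good
        # word" pasted around a pitch pulls the total toward ham.
        total = 0.0
        for w in tokens(text):
            p_spam = (self.spam_counts[w] + 1) / (self.spam_total + self.vocab)
            p_ham = (self.ham_counts[w] + 1) / (self.ham_total + self.vocab)
            total += math.log(p_spam) - math.log(p_ham)
        return total

    def spam_probability(self, text, sender=None):
        # Sender reputation enters as a prior, log((spam+1)/(ham+1)) from the
        # domain's history, which is zero for a sender with no history.
        spam_seen, ham_seen = SENDER_HISTORY.get(sender, (0, 0))
        prior = math.log((spam_seen + 1) / (ham_seen + 1))
        return 1.0 / (1.0 + math.exp(-(prior + self.content_log_odds(text))))


FILTER = TokenFilter(SPAM, HAM)
PITCH = "buy shares now stock alert"
# Constructed "word salad": words that are frequent in the ham corpus.
SALAD = "please review the draft report thanks for the photos"

if __name__ == "__main__":
    print("pitch alone:", round(FILTER.spam_probability(PITCH), 3))
    print("pitch + salad:", round(FILTER.spam_probability(PITCH + " " + SALAD), 3))
    print("salad from known spam source:",
          round(FILTER.spam_probability(PITCH + " " + SALAD, "bulk-mailer.example"), 3))
```

The content score is unbounded in the number of pasted words, which is why padding alone defeats the filter; the reputation prior depends on the sender's history rather than on anything in the message, so a bot that cannot forge an authenticated domain cannot dilute it.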