April 2005 Archive

Brokerage is dead

April 30th, 2005

I know a lot of stock brokers. The good ones are excellent sales people, but their skill sets usually end there. They generally have rudimentary knowledge of fundamental and/or technical analysis, money management principles, and even basic economics. I don’t know if they forgot all that subject matter right after they passed the Series 7 exam, or they are just plain stupid, but that matters little. If you can sell, you can make commission, and that is what brokers are concerned with.

The retail brokerage culling after the market debacle of 2000-01 has not been fully rejuvenated, and the replacements that are in are being called “advisors.” Unfortunately, most of these folks couldn’t advise their clients way out of a wet paper bag, and the firms they work for know it.
Read more »

Phishing hits the big time

April 30th, 2005

Oxford Analytica has a brief on identify theft published over at Forbes.com. The reason I say “hit the big time” is because OA is quoting some monsterous incident numbers in Hooked On Phishing. Accordingly, they say that the FTC reported roughly 27.3 million cases of identify theft over the last five years - nearly one-tenth of the US population. The total cost of the problem in the U.S. last year was $52.6 billion.

Some parts of this story strike me as odd. The first is the sheer magnitude of the cases. I suspect there are some other numbers in there, like possibly credit card fraud via traditional theft. The second issue is why throw “phishing” in the headline? Many of the cases quoted, like the Lexis-Nexis and Choicepoint issues, were not really phishing cases, but instead either a lack of internal security, or just plain stupidity. And the article mentions other forms of fraud as well.

I think those numbers deserve a little more scrutiny. This article is more so one on identity theft and consumer financial fraud, and the writers need to think a little harder about their words before they create a panic and everyone turns off their computers out of fear. Although phishing is an issue, it is part of a much bigger problem which will require additional regulatory and financial infrastructure changes far beyond protecting personal computer communications before it is solved.
Read more »

Spamroll visits Bankruptcy Court - Richter Files (cont’d)

April 30th, 2005

I had the chance to stop by the US Bankruptcy Court yesterday, to observe the latest in the OptInRealBig and Scott Richter bankruptcy cases.

It was less than a packed courtroom, with roughly 15 people there including Judge Tallman and myself. Mr. Richter had no huge entourage - it was just he, two lawyers, his father, and one other. On the other side, we had an attorney representing the US, one for Microsoft, one for American Family Insurance, and one for Daniel Balsam (who flew in from California this morning). In addition, there were two other attorneys present as part of a potential creditors committee (not yet formed).
Read more »

Schoolboys and future felons

April 29th, 2005

Hacking websites used to be child’s play. Real hackers (you know, the folks who could spin a Defense Department database from a Pentium I laptop, bouncing packets off the moon via a HeathKit box, coding in C, while blindfolded) called them script kiddies. People don’t seem to understand that the child aspires to be like his mentors - bad behavior will be emulated.

So when I hear that many web site hackers are schoolboys, I just have to wonder what those kids will be up to next year.
Read more »

Need a phishing buddy? Call Yahoo!

April 29th, 2005

Larry Seltzer assembled this op-ed over at eWeek, which cuts to the core of some Yahoo! abuse management troubles. It seems that Yahoo! is not exactly quick to the punch when shady (or downright illegal) sites are brought up on the Yahoo!/Inktomi network. In addition, Yahoo! makes it pretty difficult to report abuse cases, particularly by requiring that victims know the abusing site’s Yahoo! member handle.
Read more »

Has Google put the clamp on search engine spam?

April 28th, 2005

Over at Spamroll, no artifice of electronic trickery is safe from scrutiny. With that in mind, one must follow the goings on with search engine spam (see Is Google Becoming A Central Theme in Spam Wars? and Blogger gaming search engines, from the inside out for starters). So I was surprised to notice the other day that some of the PageRanks that Google is reporting seem a little off. I have found PR3’s mingling with PR8’s on the first page of some results over at Google, as well as some 6’s and 7’s hanging out with 0’s down in the bowels (like the +20th page of result).

What gives? Has Google changed their reporting to get the SEOs’, link farms’, and spammers’ wheels spinning, or have they changed their algorithm somehow, so that PageRank doesn’t matter as much as it used to? The results are still in line at the top of page 1, but the PR for some just doesn’t make sense like it used to.

My personal opinion…don’t care. The results are great, and if Google can do something to make the gamers pull their hair out in frustration, then it is nothing but a good thing. If I am missing something altogether, let me know; my feelings won’t get hurt, and I will shut my trap about it.

Spitzer sues spyware company

April 28th, 2005

We’ve seen it before, and we’ll see it again - Elliot Spitzer suing evil-doers. Yes, Elliot is at it again, this time suing spyware vendor Intermix for infecting millions of computers with redirect code, silly toolbars that do nothing, and tons of popups. Best guess is more than 3.7 installs in New York alone.

Boy I sure do wish I didn’t spend all of my time on my PowerBook and my Linux slab, or I too could see some of these neat little tricks.

Meanwhile, lets just hope Elliot has consumers best interests in mind, and has thought through all the issues before pulling the trigger on this one.

Two more anti-spyware outfits

April 28th, 2005

Two new anti-spyware companies have recently hit the pavement. SurfControl, of policy management and filtering software note, announced its new SurfControl Enterprise Threat Shield, which will be sold to businesses. In a separate announcement, Tenebril, makers of the SpyCatcher desktop app, announced a $6.5 million round led by Sierra Ventures, and that security industry veteran Irfan Salim would be its new CEO.
Read more »

ZoneAlarm mishap, and a quick fix

April 28th, 2005

ZoneAlarm Security Suite’s latest update caused a few problems with some users. According to this report, the change caused the anti-spam filter to turn on by default. Some temporarily missed mail was the only issue, and the above article points out the easy fix, which entails opening ZoneAlarm’s control panel and turning the junk e-mail filter option on, then restarting Outlook, turning the ZA filter off, and restarting Outlook again.

Paying attention to Linux needs

April 28th, 2005

I have always been a little cautious with my Linux install, not because I don’t trust it, but because I don’t trust those on the outside who might decide to tool with it for less than honorable reasons. So it is nice to see that someone is paying attention to Linux users. While the Vexira Central Command app is designed primarily for mail servers, the product does include embedded anti-virus and anti-spyware functionality as well. Vexira does make a standalone anti-virus product for Linux, but it is still a bit behind - being applicable to the 2.2.X kernel.

I would be interested (and enthused) to see Vexira extend some of this to the desktop. In the meantime, if anyone out there knows of others doing this, please let me know.