"spam" entries

Four short links: 20 July 2015

Less Spam, Down on Dropdowns, Questioning Provable Security, and Crafting Packets

  1. Spam Under Half of Email (PDF) — Symantec report: There is good news this month on the email-based front of the threat landscape. According to our metrics, the overall spam rate has dropped to 49.7%. This is the first time this rate has fallen below 50% of email for over a decade. The last time Symantec recorded a similar spam rate was clear back in September of 2003.
  2. Dropdowns Should be the UI of Last Resort (Luke Wroblewski) — Well-designed forms make use of the most appropriate input control for each question they ask. Sometimes that’s a stepper, a radio group, or even a dropdown menu. But because they are hard to navigate, hide options by default, don’t support hierarchies, and only enable selection not editing, dropdowns shouldn’t be the first UI control you reach for. In today’s software designs, they often are. So instead, consider other input controls first and save the dropdown as a last resort.
  3. Another Look at Provable Security — In our time, one of the dominant paradigms in cryptographic research goes by the name “provable security.” This is the notion that the best (or, some would say, the only) way to have confidence in the security of a cryptographic protocol is to have a mathematically rigorous theorem that establishes some sort of guarantee of security (defined in a suitable way) under certain conditions and given certain assumptions. The purpose of this website is to encourage the emergence of a more skeptical and less credulous attitude toward this notion and to contribute to a process of critical analysis of the positive and negative features of the “provable security” paradigm.
  4. Pig (github) — a Linux packet crafting tool. You can use Pig to test your IDS/IPS among other stuffs.

Four short links: 2 June 2014

Filesharing Box, Realised Dystopias, Spam Ecosystem Research, and Technical Interviews

  1. PirateBox 1.0 — turns a wireless router into a filesharing joy. v1.0 has a responsive ui, among other things for use on tablets and phones.
  2. Dystopia Tracker — keep on top of which scifi dystopic predictions have been realised. I’d like filters for incubators, investors, and BigCos so you can see who is investing in dystopia.
  3. The Harvester, the Botmaster, and the Spammer (PDF) — research paper on the spam supply chain.
  4. Technical Interviewing (Moishe Lettvin) — lessons learned from conducting >250 technical interviews at Google. Why do I care? Chances are, your technical interviews suck so you’re hiring poorly.

Phishing in Facebook’s Pond

Facebook scraping could lead to machine-generated spam so good that it's indistinguishable from legitimate messages.

A recent blog post inquired about the incidence of Facebook-based spear phishing: the author suddenly started receiving email that appeared to be from friends (though it wasn’t posted from their usual email addresses), making the usual kinds of offers and asking him to click on the usual links. He wondered whether this was a phenomenon and how it happened — how does a phisherman get access to your Facebook friends?

The answers are “yes, it happens” and “I don’t know, but it’s going to get worse.” Seriously, my wife’s name has been used in Facebook phishing. A while ago, several of her Facebook friends said that her email account had been hacked. I was suspicious; she only uses Gmail, and hacking Google isn’t easy, particularly with two-factor authentication. So, I asked her friends to send me the offending messages. It was obvious that they hadn’t come from my wife’s account; they were Yahoo accounts with her name but an unrecognizable email address, exactly what this blogger had seen.

How does this happen? How can a phisher discover your name and your Facebook friends? I don’t know, but Facebook is such a morass of weird and conflicting security settings that it’s impossible to know just how private or how public you are. If you’ve ever friended people you don’t know (a practice that remains entirely too common), and if you’ve ever enabled visibility to friends of friends, you have no idea who has access to your conversations.

Four short links: 6 February 2013

Cite Spam, Astro Science Labs, Citizen Science, and Accelerating Research

  1. Manipulating Google Scholar Citations and Google Scholar Metrics: simple, easy and tempting (PDF) — scholarly paper on how to citespam your paper up Google Scholar’s results list. Fortunately calling your paper “AAAAAA In-vitro Qualia of …” isn’t one of the winning techniques.
  2. Seamless Astronomy — brings together astronomers, computer scientists, information scientists, librarians and visualization experts involved in the development of tools and systems to study and enable the next generation of online astronomical research.
  3. Eye Wire — a citizen science game where you map the 3D structure of neurons.
  4. Open Science is a Research Accelerator (Nature Chemistry) — challenge was: get rid of this bad-tasting compound from malaria medicine, without raising cost. Did it with open notebooks and collaboration, including LinkedIn groups. Lots of good reflection on advertising, engaging, and speed.

Four short links: 10 May 2012

Illuminated Mario, Touchstone Facts, Calculating Spamicity, and Abstract Quantified Self

  1. Gravity in the Margins (Got Medieval) — illuminating illuminated manuscripts with Mario. (via BoingBoing)
  2. Hours Days, Who’s Counting? (Jon Udell) — What prompted me to check? My friend Mike Caulfield, who’s been teaching and writing about quantitative literacy, says it’s because in this case I did have some touchstone facts parked in my head, including the number 10 million (roughly) for barrels of oil imported daily to the US. The reason I’ve been working through a bunch of WolframAlpha exercises lately is that I know I don’t have those touchstones in other areas, and want to develop them. The idea of “touchstone facts” resonates with me.
  3. Spotting Fake Reviewer Groups in Consumer Reviews (PDF) — gotta love any paper that says We calculated the “spamicity” (degree of spam) of each group by assigning 1 point for each spam judgment, 0.5 point for each borderline judgment and 0 point for each non-spam judgment a group received and took the average of all 8 labelers. (via Google Research Blog)
  4. Visualizing Physical Activity Using Abstract Ambient Art (Quantified Self) — kinda like the iTunes visualizer but for your Fitbit Tracker.

Four short links: 30 September 2011

Fingerprinting Cameras, Stopping Spambots, Generic Infographics, and Open Source Healthcare Records

  1. Fingerprinting Cameras Through Sensor Noise — using the pattern of noise consistent between images taken from the same camera to uniquely identify the device. (via Pete Warden)
  2. Stopping Bots with Hashes and Honeypots (Ned Batchelder) — solid techniques for preventing spambots. (via Andy Baio)
  3. Most Popular Infographics Generalized (Flowing Data) — it’s only funny because it’s true.
  4. London Hospital to Deploy Open Source Record System — hot on the heels of the NHS canning a failed expensive development of electronic health records. (via Glyn Moody)

Four short links: 21 June 2011

Terminal Tool, Gamifying Education, Exponential Shortcut, and Kindle Spam

  1. tmux — GNU Screen-alike, with vertical splits and other goodies. (via Hacker News)
  2. Gamifying Education (Escapist) — a more thoughtful and reasoned approach than crude badgification, but I’d still feel happier meddling with kids’ minds if there was research to show efficacy and distribution of results. (via Ed Yong)
  3. Rule of 72 (Terry Jones) — common piece of financial mental math, but useful outside finance when you’re calculating any kind of exponential growth (e.g., bad algorithms). (via Tim O’Reilly)
  4. Spam Hits the Kindle Bookstore (Reuters) — create a system of incentives and it will be gamed, whether it’s tax law, search engines, or ebook stores. Aspiring spammers can even buy a DVD box set called Autopilot Kindle Cash that claims to teach people how to publish 10 to 20 new Kindle books a day without writing a word. (via Clive Thompson)

Facebook comments: Fewer and better, or just fewer?

Alistair Croll and Sean Power examine the impact of Facebook's embedded comments tool.

Facebook's new embedded comments option offers websites an additional social layer, but does it attract or drive away content engagement?

Four short links: 10 March 2011

MTurk Spam, Javascript Secrets, Better Comments, and Full RSS

  1. Everybody is Spamming Everybody Else on MTurk — one researcher found >40% of HITs are spammy, but this author posted a Mechanical Turk HIT to supply recommendations for visitors to a non-existent French city and got responses from people expecting that every response would be paid regardless of quality.
  2. Javascript Garden — a growing collection of documentation about the most quirky parts of the JavaScript programming language. It gives advice to avoid common mistakes, subtle bugs, as well as performance issues and bad practices that non-expert JavaScript programmers may encounter on their endeavours into the depths of the language.
  3. A 5 Minute Framework for Fostering Better Conversations in Comments Sections (Poynter) — Whether online or offline, people act out the most when they don’t see anyone in charge. Next time you see dreck being slung in the bowels of a news story comment thread, see if you can detect whether anyone from the news organization is jumping in and setting the tone. As West put it, news organizations typically create a disconnect between the people who provide content and the people who discuss that content. This inhibits quality conversation.
  4. Full Text RSS Feed — builds full-text feeds for sites that only offer extracts in their RSS feeds. (via Jason Ryan)

Four short links: 15 February 2011

New Copyright Laws Proposed, GMail APIs, Internet Book Roundup, and Chrome Farm

  1. White House Will Propose New Digital Copyright Laws (CNet) — If the Internet were truly empowering citizenry and bringing us this new dawn of digital democracy, the people who run it would be able to stop the oppressive grind of the pro-copyright machinery. There’s no detail about what the proposed law would include, except that it will be based on a white paper of “legislative proposals to improve intellectual property enforcement,” and it’s expected to encompass online piracy. I predict a jump in the online trading of those “You can keep the change” posters that were formerly the exclusive domain of the Tea Party, and the eventual passage of bad law. As the article says, digital copyright tends not to be a particularly partisan topic.
  2. Introducing Gmailr — An unofficial Javascript API for Gmail […] there are many companies […] building out complex APIs with similar functionality, that can all break independently if Gmail decides to significantly change their app structure (which they inevitably will). What we really need is for many people to come together and build out a robust and easy-to-use javascript API for Gmail that is shared across many extensions and applications. This is my hope for Gmailr. This is how Google Maps API began: reverse engineering and open source.
  3. The Information: How the Internet Gets Inside Us (New Yorker) — thoughtful roundup of books and their positions on whether the Internet’s fruits are good for us. He divides them into never better, better never (as in “we’d be better off if it had never been invented”), and ever-was (as in, “we have always been changed by our technology, so big deal”). (via Bernard Hickey on Twitter)
  4. New Chrome Extension Blocks Sites from Search Results — Google testing whether users successfully identify and report content farms.