The weekly newsletter for Fed2 by ibgames

EARTHDATE: August 7, 2011

Official News page 12


WINDING DOWN

An idiosyncratic look at, and comment on, the week's net and technology news
by Alan Lenton

Just a short issue this week since I'm halfway through moving over to a new computer, with all the agro that that implies. I'll be back with a full issue next week (Windows permitting)...


Story: Orange juice, shampoo, and deep packet inspection

Imagine one day turning on the shower to find that it was now giving you a sticky orange fluid instead of water... You ring up the water utility and a cheerful voice at the other end tells you that you'll be happy to know that they did a deal with an orange squash company to provide a sample of the squash company's product for the day!

Sitting down you dash off a complaint, pointing out that it is extremely difficult to wash your hair in orange squash, and anyway you are allergic to oranges. The reply is a stock letter telling you how the advertising revenue from this wonderful offer is helping to keep the costs of your water supply down, and lists a series of future adverts of this nature in the pipeline (so to speak) - none of which are beer, incidentally.

You wouldn't be very happy would you?

So tell me what the difference is between what I described above and ISPs hijacking your search queries and passing them on to a marketing company, instead of passing them on to your chosen search engine? You think that sounds far fetched? It's happening right now, in the US with at least ten ISPs who between them have several million subscribers! The implications are horrendous. It means that the ISPs are delving into the contents of your net communications to find search queries and passing the search queries on to a third party, as well as building up a profile of your online interests.

According to New Scientist the following ISPs are currently redirecting some of their users' search queries: Cavalier, Cincinnati Bell, Cogent, Frontier, Hughes, IBBS, Insight Broadband, Megapath, Paetec, RCN, Wide Open West, and XO Communication. In addition, Charter and Iowa Telecom were observed to be redirecting search terms, but have since ceased doing so. Iowa Telecom stopped its redirection between July and September 2010, and Charter stopped in March 2011.

Legal action - class action to be specific - is already happening in New York, where a filing against one of the ISPs and a company called Paxfire which is believed to have provided the necessary equipment, alleges that the process violated numerous statutes, including wiretapping laws.

We already had something similar happen over here when BT used a company called Phorm to pry into people's internet traffic (the technical term for this is 'deep packet inspection'). The response from the Telecom regulator was less than satisfactory, and eventually the EU commission stepped in and demanded an explanation. (Hey! The EU did something I agree with, wonders will never cease...)

In the meantime, the people who discovered what was going on in the US, Christian Kreibich and Nicholas Weaver at the International Computer Science Institute in Berkeley, California, have made available a very neat test that you can use to figure out just exactly what your ISP is up to. It's here <http://netalyzr.icsi.berkeley.edu/>. Some of the stuff it tells you is a little on the techie side, but a lot of it isn't. I suspect that if you buy your work sysadmin a drink, he, or she will translate the techie stuff for you :)

Going back to where we started, when you turn on the tap you expect clean water to come out of it. Similarly, when you send a packet of data off from your computer, you expect it to be delivered to its destination without any attempt to look at what it contains. ISPs violate this expectation at their peril.
http://www.newscientist.com/article/dn20768-us-internet-providers-hijacking-users-search-queries.html


Shorts:

There was an interesting report out from Avast, the anti-virus company, suggesting that machines running Windows XP represent a huge reservoir of rootkit infected machines. XP makes up about 58% of Windows systems in use. Avast found that 74% of rootkit infections were on Windows XP machines.

Avast suggest that the reason for this is that users won't upgrade to XP service pack three (SP3) because they are running counterfeit copies of Windows XP. I'm not so sure. I think that a lot of them are perfectly happy with what their XP already provides, and don't want the extra stuff that came in SP3 - which older machines can't handle anyway,

The real problem is that Microsoft no longer provides security patches for anything less than SP3. When you think about it, this is pretty outrageous. What would happen if car manufacturers stopped providing spares or recalling cars for safety issues after a few years? XP is only about ten years old. Until last year this family ran a little 20+ year old Mazda MX5. We never had any problems with getting spares, or buying a manual for it. Security holes are the software equivalent of safety failures, and they are the responsibility of the product maker.

The other problem, of course, is that often rootkit viruses don't have a lot of impact on the user of the computer. Who needs key logging when the big companies give away your info to hackers? The bottom has dropped out of the stolen credit card market because everywhere is awash with them. The virus owners are more interested in using them as part of a botnet than stealing a single credit card. Botnets affect other users, not the user of the affected machine, so as far as the owner is concerned, it's not his problem, assuming he is even aware of the 'problem'.
http://www.computerworld.com/s/article/9218722/Windows_XP_PCs_breed_rootkit_infections

Very embarrassing... Hackers managed to lift 8 GB of data from the Italian Anti-Cybercrime unit. The hackers, who call themselves the 'Legion of Anonymous Doom' (such imagination <yawn>) plan to release the info online in the near future. There's so much stuff out there now - mostly classified trivia, that most people probably won't even notice. I guess you could call it 'security by boredom'.
http://www.net-security.org/secworld.php?id=11336


Homework:

I'll let you all off doing homework this week, since it's summer :)


Geek Toys:

Want to see an ace bit of Lego building? Then take a look at tbone-tbi's rendition of the spaceship Serenity from the Firefly series. It's superb, a classic example of what can be achieved with Lego!
http://www.brothers-brick.com/2011/07/26/lego-serenity-from-firefly-series/

If you want something really weird, take a gander at this series of pictures of the Ryugyong Hotel in the center of North Korea's capital city Pyongyang. As you will probably realize, Pyongyang is not exactly the world epicenter of tourism, which probably explains why it was mothballed when only partially built in 1993. Now however, rebuilding has started again. I wonder what they know that we don't? Maybe it would be worth watching the 'Rocky Horror Show' before booking in...
http://www.gizmag.com/ryugyong-hotel-pyongyang/19389/


Scanner:

Five things you didn't know about LED light bulbs
http://news.cnet.com/8301-11128_3-20084337-54/five-things-you-didnt-know-about-led-lightbulbs/
?part=rss&subj=news&tag=2547-1_3-0-20&tag=nl.e703

Circles Fatigue: The Dark Side Of Google+
http://www.fastcompany.com/1767807/running-in-circles-on-google

The Association of National Advertisers blast ICANN over new top level domains
https://docs.google.com/viewer?a=v&pid=explorer&chrome=true&srcid=0B5L6chr0QvNzYzlkODc0OTMtY
jE3My00MWQ2LWFmZWMtNzMzNjhjZTllYTFm&hl=en_US&pli=1


Acknowledgements

Thanks to readers Barb, Fi, and to Slashdot's daily newsletter for drawing my attention to material used in this issue.

Please send suggestions for stories to alan@ibgames.com and include the words Winding Down in the subject line, unless you want your deathless prose gobbled up by my voracious Spamato spam filter...

Alan Lenton
alan@ibgames.com
7 August, 2011

Alan Lenton is an on-line games designer, programmer and sociologist, the order of which depends on what he is currently working on! His web site is at http://www.ibgames.net/alan.

Past issues of Winding Down can be found at http://www.ibgames.net/alan/winding/index.html.


Fed2 Star index Previous issues Fed 2 home page