Risk by Proxy

As part of my fraud detection work, I've been looking at anonymous network proxies (aka anonymizers) as a source of risk.  What is a proxy?  A proxy is, in essence, a man-in-the-middle (MITM).  If the MITM is a bad guy, then you've just invited a wolf in sheep's clothing into your house.

While there are many MITM attacks possible, including SSL certificate spoofing, the most lucrative attacks are the ones that keep the door open.  For example, a proxy can inject a virus into any executable users download.  Once they are in, they can start harvesting passwords through keylogging or inject bogus certificates to monitor SSL traffic.

Come to think of it, this is a great way to deliver monitoring software onto hackers' desktops.

Twilight Samurai

Twilight Samurai on DVD recommended.  It's a beautiful film to watch although I thought the storyline was a bit too simple.  It has only two fighting scenes with little bloodshed.  The first fighting scene, which takes place by a stream, was more enjoyable than the second, which was just two samurai fumbling around inside a dark house.

Fraud Detection Thoughts

Some problems with using individual user behavior analysis for fraud detection:

  • Low ROI
  • High false signals
  • Bad user experiences

IMHO, it makes more sense to just give users the means to protect themselves.  Allow users to move functionalities to areas with the desired protection level and set thresholds to the level suitable for them.

For example, divide up functions into three boxes, representing three levels of required authentication, and let the user move functions between boxes.  I would keep transaction history at far left and move money transfer to the far right which will result in e-mail confirmation for each transaction.

Many of the user chores can be alleviated by offering a set of standard account configuration packages.  For premium accounts, additional boxes could be added for more intimate verifications like a personal call from the account manager.  Hi, Don.  Are you sure you want to transfer half of your account to a Russian bank?
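
An added sketch of the three-box idea above (not code from the original post).  The function names, the package names, the choice of a one-time code for the middle box, and the rule that loosening a function requires already meeting its current box are all assumptions made for illustration.

```python
from enum import IntEnum

class Level(IntEnum):          # the three boxes, left to right
    PASSWORD = 1               # far left: ordinary login session
    SECOND_FACTOR = 2          # middle box (assumed): one-time code
    EMAIL_CONFIRM = 3          # far right: e-mail confirmation per transaction

# Standard account configuration packages (names and contents are constructed).
PACKAGES = {
    "relaxed":  {"view_history": Level.PASSWORD, "pay_bill": Level.PASSWORD,
                 "transfer_money": Level.SECOND_FACTOR},
    "cautious": {"view_history": Level.PASSWORD, "pay_bill": Level.SECOND_FACTOR,
                 "transfer_money": Level.EMAIL_CONFIRM},
}

class AccountPolicy:
    def __init__(self, package="cautious"):
        self.boxes = dict(PACKAGES[package])   # per-user copy the user can edit

    def required(self, function):
        # A function nobody has placed yet lands in the strictest box.
        return self.boxes.get(function, max(Level))

    def allowed(self, function, session_level):
        # session_level is the strongest check this request has passed.
        return session_level >= self.required(function)

    def move(self, function, new_level, session_level):
        """Move a function to another box; returns True if the move was made.

        Tightening is always accepted.  Loosening is accepted only when the
        session already satisfies the function's current box, so a stolen
        password alone cannot drag money transfer to the far left.
        """
        if function not in self.boxes:
            raise KeyError(function)
        current = self.boxes[function]
        if new_level < current and session_level < current:
            return False
        self.boxes[function] = Level(new_level)
        return True
```
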

Dokdo

Dokdo is a small Korean islet which Japan continues to argue ownership over.  This week the Shimane Prefecture assembly passed a bill claiming Takeshima (Japanese name for Dokdo) as a part of Shimane Prefecture.

Shimane Prefecture officials and assemblymen made a grave mistake.  If their intention was to bring more attention to the fishing rights problem, they certainly got it in the worst way possible.

The Japanese government also made the stupid mistake of underestimating how intensely Koreans feel about Dokdo.  While most Japanese are ambivalent about Dokdo, 99% of Koreans feel very strongly about Dokdo.

If you find it difficult to understand why Koreans are so upset over a pointless bill passed by a Japanese prefecture over a pile of rocks, just ask the person next to you to kick you between the legs and then ask yourself why you are rolling on the ground.

Opie? Opy? nTree!

Dave is looking for a good name for his new outliner.  These are some names I came up with just now:

  • Op
  • Opy
  • OPed
  • OPad
  • Opal
  • TreeTop
  • OneTree
  • nTree

Among them, I like the sound of Opy and nTree the best.  If I had to choose, I would go with nTree because it implies both in-tree and entry as well as any number of trees.  I also like the way the uppercase T sticks out like a tall tree rising above the forest.

White Male Solution

If a white-male-dominated blogosphere is really bad, then here is a simple solution: Let us all be white males.

After all, the blogosphere is a virtual world so anyone can pretend to be a white male.  You don't have to say you are a white male because, if you don't put up your picture and use a masculine alias instead of your real name, your readers will assume you are a white male.

Since my picture is already out, let me just say that I am a white male as well, a descendant of a Jewish family that wandered a little too far east.  As to my facial features, it was the water. 😉

This topic annoys the heck out of me.  Oy.

Parting Gift from MSN Search Team

After being woken up by a call from Michael, I noticed a very large box sitting in my office.  Since I wasn't expecting any shipment, I scanned it with my bomb detector (Google search on the shipping address and a few intelligent shakes) before opening it up carefully with my box opener (aka toe-nail clipper).

It turned out to be a gift from the MSN Search team to MSN Search Champs, a 30G Creative Nomad MP3 player.  Very nice.  Since I am too much of a cheapskate to buy an iPod, this will do very nicely.  Thanks guys!  Very much appreciated.

Update:

Urgh.  Nomad controls and UI suck prime time, enough to make me want to bitchslap Creative engineers.  I love the 30G of space but this is like covering chocolate with thorns.

More on Become.com

Details about Become.com's patent application for the algorithm behind its product-oriented search engine turned up at John Battelle's blog.  The patent looks like it's a shard off the Wisenut search engine.  Interesting.

I talked with Michael Yang today.  The funny thing was that he didn't recognize me other than as Don Park the blogger and a fellow UC Berkeley man.  I guess the mySimon and NetGeo experience took its toll because, when we met for the first time many years ago, we talked about working together.  I decided not to because he already had a good partner, Yeogirl Yun, and financing was not quite there.  So we went our separate ways and he and Yeogirl went on to make millions with mySimon.  I'll have to get together with him sometime and refresh his memory with a bit of Soju.  Hehe.

Anyway, he said the recent press tour was very promising and the Become.com site is picking up a significant number of new users every day.  Well, he has a tough, albeit familiar, road ahead so a rosy start can't hurt.

Re complaints about BecomeBot, Michael said they changed it in response to the complaints to be much less annoying.  He is also using Technorati daily to keep track of user opinions.  If you've got something to say to him, just write a post mentioning Become.com.  Fantastic.  I wish more CEOs were as blogosphere-savvy.