Good Phishing Story

New York Times has a good article on the growing phishing epidemic.

On how much money phishers make:

In February, Alec Scott Papierniak, 20, a college student in Mankato, Minn., pleaded guilty to wire fraud. He had sent people e-mail messages with a small program attached that purported to be a "security update" from PayPal. The program monitored the user's activity and reported their PayPal user names and passwords back to Mr. Papierniak.

Prosecutors say that at least 150 people installed the software, enabling Mr. Papierniak to steal $35,000.

While most of those prosecuted so far for phishing have been in the United States, eBay, working with the Secret Service, has investigated a series of scams originating in Romania. More than 100 people have been arrested by Romanian authorities. One of them, Dan Marius Stefan, convicted of stealing nearly $500,000 through phishing, is now serving 30 months in a Romanian prison.

On how much it costs companies:

The financial losses of most phishing victims, particularly those subject to credit card fraud, often end up being absorbed by banks and their insurance companies.

But the costs are real. "We get 20,000 phone calls every time one of those goes out, and it costs us 100 grand," said Garry Betty, EarthLink's chief executive. "I got so mad one month when we had eight attacks," he said, explaining that he is pressing his legal department to find someone important to make an example of.

100 grand for each attack, while it costs a phisher nothing but an afternoon to launch one.  If and when the spamming tide turns for the better, we'll also have a growing number of pissed off spammers with the motive and the incentive to turn to phishing.  Hmm.

The combined picture is not pretty, even when the phishing attempts are not successful.  Microsoft could also face lawsuits from companies whose bottom lines are being hit by phishers and be forced to remove the HTML e-mail feature from Outlook and add anti-phishing features to IE.

More on Phishing.

Hacker? Me?

Apparently someone who read some of my posts on spoofing and phishing thought I was a hacker and referred to me as one at some conference.  What a laugh.  No, I am not a hacker.  I am a consultant, and security just happens to be one of many areas I specialize in.  Phishing is also interesting to me because it is a UI problem.

I take pleasure in creating useful things, not in breaking into places or fooling people.

Fun Lunch

I had a really enjoyable lunch with Phil Stanhope, who was in town for Microsoft Mobile DevCon.  He and I have a lot in common, such as decades of rich experience, and our architectural visions matched like a glove.  He had also worked at Lotus around the same time I was working for them as a consultant.  Aside from all that, it's always nice to meet another old warrior for a change.

Foreplay with e4Graph

I played a bit with e4Graph early this morning to store some XML documents.  e4Graph database files were about 1.5 times larger than the XML files.  Not bad, although I suspect there is some room for improvement since XML compresses well.  The good news is that every element and attribute in the XML file is stored as nodes and vertices of a graph.  Cool.

The bad news was that it was somewhat slow in converting XML files into graphs.  But it should be just fine for most client-side applications.  I am going to test node insert, query, and navigation performance later.

P2P NG: Darknets

Robert Kaye, the creatively titled Mayhem & Chaos Coordinator of MusicBrainz, has an interesting article at OpenP2P.com titled 'Next-Generation File Sharing with Social Networks' in which he talks about the social, legal, and technical issues of Darknets: private, secure P2P networks built around social networks.

He recommends an SSH-based protocol with interesting techniques like Port Knocking (as in secret knocks) and media identifiers like the ones Bitzi and MusicBrainz provide.  Port Knocking, in particular, got me chuckling.  The idea, described as a system for stealthy authentication across closed ports, is to use a secret pattern of connection attempts to a series of closed, logged ports.  Unless the right pattern is used, the server either refuses the connection or acts innocent by providing some bogus service.
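
To make the knock mechanism concrete, here is an added example (mine, not code from Robert's article, MusicBrainz, or any port-knocking tool) of the server-side half: a detector that reads firewall drop lines for closed ports and decides which source addresses have completed the secret sequence.  The log format, the sequence 7000/8000/9000, the 10-second window and the client addresses are all assumptions made for the demo.  It also shows the two failure modes a real knock daemon has to handle: a knock in the wrong order, and a knock that arrives too late.

```python
"""Port-knock sequence detector run over a constructed firewall log.

Added example, not code from the OpenP2P article or from MusicBrainz.
The log lines, the secret sequence (7000, 8000, 9000), the 10-second
window and the client addresses are all assumptions made for the demo.
"""
import re
from datetime import datetime

# Secret knock: connection attempts must hit these closed ports in order.
KNOCK_SEQUENCE = [7000, 8000, 9000]
KNOCK_WINDOW_SECONDS = 10

# Constructed log lines in a simplified iptables-LOG style (assumption).
# 10.0.0.5 knocks correctly, 10.0.0.9 knocks out of order,
# 10.0.0.7 knocks in order but the last knock arrives 23 seconds late.
SAMPLE_LOG = """\
2004-03-20 02:00:01 DROP SRC=10.0.0.5 DPT=7000
2004-03-20 02:00:02 DROP SRC=10.0.0.5 DPT=8000
2004-03-20 02:00:03 DROP SRC=10.0.0.5 DPT=9000
2004-03-20 02:00:04 DROP SRC=10.0.0.9 DPT=7000
2004-03-20 02:00:05 DROP SRC=10.0.0.9 DPT=9000
2004-03-20 02:00:06 DROP SRC=10.0.0.9 DPT=8000
2004-03-20 02:00:07 DROP SRC=10.0.0.7 DPT=7000
2004-03-20 02:00:08 DROP SRC=10.0.0.7 DPT=8000
2004-03-20 02:00:30 DROP SRC=10.0.0.7 DPT=9000
"""

LINE_RE = re.compile(r"^(\S+ \S+) DROP SRC=(\S+) DPT=(\d+)$")


def parse_line(line):
    """Return (timestamp, source_ip, dest_port), or None for lines that do not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
    return ts, m.group(2), int(m.group(3))


def knocked_sources(log_text, sequence=KNOCK_SEQUENCE,
                    window_seconds=KNOCK_WINDOW_SECONDS):
    """Return the set of source IPs that completed the knock sequence.

    Per-source state is (index of the next expected port, time of the first
    knock).  A wrong port resets progress (the wrong port may itself be a
    fresh first knock), and a partial sequence older than the window is
    discarded, so a replayed or stale knock cannot be completed later.
    """
    progress = {}
    opened = set()
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        ts, src, port = parsed
        idx, started = progress.get(src, (0, ts))
        # Expire a partial knock that took too long.
        if idx > 0 and (ts - started).total_seconds() > window_seconds:
            idx, started = 0, ts
        if port == sequence[idx]:
            if idx == 0:
                started = ts
            idx += 1
        else:
            # Out-of-order knock: start over, allowing this port to be a first knock.
            idx, started = (1, ts) if port == sequence[0] else (0, ts)
        if idx == len(sequence):
            # Here a real daemon would open the service port for `src`;
            # everyone else keeps seeing a closed port or a decoy service.
            opened.add(src)
            progress.pop(src, None)
        else:
            progress[src] = (idx, started)
    return opened


if __name__ == "__main__":
    print("sources that knocked correctly:", sorted(knocked_sources(SAMPLE_LOG)))
```

Run as-is it reports only 10.0.0.5; widening the window to a minute also admits 10.0.0.7, while 10.0.0.9 never gets in because the order, not just the set of ports, is the secret.  Note that the sequence is observable by anyone who can sniff the client's traffic, which is why the article pairs it with SSH rather than relying on it alone.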

Robert also analyzed the attack model using RIAA as the bad guys.

  1. Server attack: The central server gets hacked, raided by legal attackers, or otherwise compromised. Since the server operates blindly with respect to what the clients are doing, the server contains no incriminating evidence. The attacker cannot tell a recipe-trading network from a movie-trading network. At worst, the IP addresses of the members can be exposed and those must be pursued with a John Doe lawsuit.
  2. Client attack: A client gets hacked, raided by legal attackers, or otherwise compromised. The compromised client could potentially continue operating and collect the IP addresses of everyone in the network. Incriminating behavior could be observed.
  3. Social client attack: An attacker gets invited to the network and starts participating in the network. Over time, the attacker can collect all of the IP addresses of the members and possibly observe incriminating behavior.

While the article was interesting, Darknets are doomed IMHO because of #3, the social client attack.  All the RIAA has to do is offer financial incentives to encourage people to infiltrate or betray Darknets.  His defense seems to be that Darknets are protected by being a more difficult or costly target to chase than easier targets like Kazaa.  I disagree, because financial incentives are paid out only when results are delivered.

Technorati’s New Look

I love it.  Technorati is updating its page design and I am watching it as it happens at 2AM.

A note to Dave Sifry: I like the alternate background coloring, Dave.  I also like the conversation thingy, except I don't want to click on all the conversations.  Reflect the LOUDNESS of the conversation behind each entry with some visual hint (e.g. icon count, color, size) so I can zero in on the center of the noise.

TypeKey and Corporate Blogging

While TypeKey will be controversial, I think the need for such a service for corporate use of blogs should not be.  Corporate blogs are going to be fairly stringent about inappropriate comments and, without strong comment management capabilities, the cost of maintaining corporate blogs will be too high.

A comment management feature I have yet to see anywhere is the ability to transfer comments from one blog to another.  Such a feature could be used to move customer complaints lodged at a company's marketing blog to its customer complaint blog.

Speaking of corporate blogging, the Corporate Blogger's Dinner will be held this Wednesday in San Francisco.  Be there.  BTW, anyone bringing up political issues will be beaten silly with teriyaki chicken.