Slashdot Mirror


User: miller60

miller60's activity in the archive.

Stories: 0
Comments: 182

Comments · 182

  1. Re:More appropriate as an extension? on Firefox 2 To Have Anti-Phishing Technology · · Score: 1

    Phishing protection is already available as an extension via the Netcraft toolbar extension.

  2. Re:It's Pretty Simple on Gold Buying - Time Saver or Cheating? · · Score: 1

    Then is it not cheating in Everquest II because Sony offers Station Exchange for sanctioned trading? Perhaps Sony just want to be paid when its players cheat.

  3. Have you read the book? on RFID, Sign of the (End) Times? · · Score: 2, Interesting

    I haven't read the "Christian" version of Albrecht's book, but I'm reading "Spychips" now. I bought it after reading the story here on Slashdot about data center engineers having RFID chips implanted in their arms for security access. The plain fact is that whatever Albrecht's religious leanings, the book is really well reported, with a ton of information from patent filings filled with surprising revelations about the ways major corporations want to integrate RFID into everything. I think it's an important book that raises awareness of the potential privacy issues surrounding RFID. It sure raised mine.

  4. Re:Netcraft Toolbar on Phishing Site Using Valid SSL Certificates · · Score: 1

    In fact, if you look at the screenshot from the Washington Post story, you'll see that the Post's computer was using the Netcraft toolbar, and that the red "Risk Rating" bar indicates a risk rating of 10 - the highest possible risk. Even though the SSL certificate and ChoicePoint "identifier" didn't flag the site as suspicious, the Netcraft toolbar did.

  5. Phishers have been using SSL since 2004 on Phishing Site Using Valid SSL Certificates · · Score: 3, Interesting

    Phishing scams have been using SSL in attacks since 2004. Last year Netcraft identified more than 450 phishing attacks that used SSL certificates in one form or another. However, the tactics seen in the Mountain America attack are more sophisticated than previous attempts. In many previous attacks the phishing crews have used an https URL with an SSL cert they know will trigger a browser alert, banking on the likelihood that many users will trust the padlock and ignore the certificate. This one is designed to fool more sophisticated users who actually check the certificate.

  6. Religious Motivations for Story Originators on RFID Injection Required for Datacenter Access · · Score: 1
    There's already been much discussion of religious concerns about RFID, but it should be noted that the researchers from SpyChips.com that discovered the Cincinnati company's use of RFID have religious motivations. The press release from SpyChips notes this:

    "Albrecht and McIntyre, who are Christians, also have religious concerns about RFID chip implants. In their latest book, "The Spychips Threat: Why Christians Should Resist RFID and Electronic Surveillance," the pair explain how plans by global corporations and government entities to broadly deploy RFID could usher in a world that bears a striking resemblance to the one predicted in Revelation, the last book of the Bible."

    If the facts are accurate - and no one seems to be disputing them as yet - then their motivations aside, they've provided an important service to privacy watchers. It's interesting to see Christian activists approaching the issue with fact-based investigative reporting rather than just Scripture.

  7. MySpace Already Got Hit by XSS Worm on Details of the LiveJournal Account Hacks · · Score: 1
    MySpace has already been hit with a cross-site scripting worm.

  8. 44 domains sold for $100K or more last year on Domain Name Sold for Millions · · Score: 1
    While this deal is the biggest ever, there are plenty of top-dollar domain sales taking place these days. Check out the top sales of 2005 over at Domain Name Journal and you'll find that at least 44 domains sold for more than $100,000 last year, including a blog domain (blogster.com) and even a typo (voyuer.com).

    The list of highest all-time domain sales is also interesting reading.

  9. Most Advertising Still Goes to Mags - For Now on Print Gaming Magazines Doomed? · · Score: 1
    Print's days won't be numbered until game publisher ad bucks start flowing to web sites instead of magazines. Gaming magazines still get the lion's share of advertising bucks spent by game publishers. The shift of ad budgets to the web has been slower to develop in gaming than in some other news niches. While some large gaming web sites and networks can build revenue through direct ad sales, many independent sites can't afford to hire advertising reps. As a result, Google AdSense is the primary revenue source for independent game sites, and payouts on click-throughs are pathetically low for gaming text ads - at least compared to other industries (hosting, domains, etc.)

    But that might be changing. Last year Jason Calacanis of Weblogs Inc. was touting his network's AdSense revenue, and noted the low per-click payouts for WIN's video game sites, several of which were inactive soon after. But Calacanis, who tracks AdSense trends very closely, recently changed his mind and launched the Joystiq network, which includes new sites focused on the Xbox 360, PSP and World of Warcraft. My guess is that Calacanis has seen the payout numbers improving.

  10. Video Game Media Watch on The Pointlessness of Current Videogame Journalism · · Score: 4, Informative
    If you're interested in video game journalism, check out the Video Game Media Watch blog written by Kyle Orland. Another good source of video game media criticism is GameDaily's weekly media column. Also worthwhile is the International Game Journalists' Association.

    In addition to pointing out all the bad journalism out there, these sites help identify blogs and magazines that strive to offer better writing and reviews. Visit those sites and click on a few ads. Marketing-driven articles continue to appear because game publishers pay the bills. That only changes if game mags and sites can develop business models where they are accountable primarily to you - their readers - rather than game companies.

  11. Non-official observations from Microsoft blogger on Businesses Urged To Use Unofficial Windows Patch · · Score: 1

    Jesper Johansson, a Senior Security Strategist in the Security Technology Unit at Microsoft, has offered "non-official" observations on his blog. It includes a workaround I hadn't seen mentioned elsewhere, which involves changing the "Run As" setting in Internet Explorer to a non-admin user.

  12. Eyetrack Data and Online News Design on Why Haven't Online Newspapers Gotten it Right? · · Score: 1

    I worked in newsrooms for a lot of years, and lived through several redesigns of print products. A tool that was really useful was Eyetrack, a tool that improves reader studies by strapping a camera to their head and documenting which page features (headlines, photos, text) catch the reader's eye. This has been used in newspaper redesigns since the early 1990s, and was also used in a major study of online news sites in 2004. There's a lot of data there that is based on readers' actual practice, rather than conjecture about what editors or consultants believe about design. I think the 2004 study helped a lot of online news sites improve their designs, as it confirmed advice that many web experience professionals had been sharing with newspapers.

  13. Another useful book on Phishing on Evolving Phishing Attacks Using Web Vulnerabilities? · · Score: 1

    Another useful book that can raise awareness and understanding is "Phishing: Cutting the Identity Theft Line," by Rachael Lininger and Russell Dean Vines. It covers everything from the basics to detailed strategies, with summary sections of action points for IT staff, users and financial execs. About $20.

  14. Re:Personal Responsibility on Evolving Phishing Attacks Using Web Vulnerabilities? · · Score: 1

    If a business web site claims to implement extraordinary security to protect its users, it needs to live up to that claim. If a web site discloses that "coding errors could make it easier for criminals to spoof our web site, so caveat emptor," fewer people would use that site for e-commerce. So they don't say that. They say they have great security and you should trust them. If your security is strong, that's a win-win. If your security isn't that strong, don't blame the user after the fact.

  15. Two Different Threats, Both Problematic on Evolving Phishing Attacks Using Web Vulnerabilities? · · Score: 2, Informative
    The two examples feature separate problems that are both serious, but not easy to combine. The IRS phishing scam was enabled by an open redirect on the govbenefits.gov web site that allowed phishers to craft a URL that uses the govbenefits.gov URL but instead sends users to a web server in Italy. Security flaws in trusted sites are found and exploited quite often by phishing crews, who look for applications that are likely to allow redirection or cross-site scripting. The NIST site, which hosts the US cyber-vulnerability database, was recently found to be briefly vulnerable to cross-site scripting.

    The eBay issue was simply a case of a tech support staffer who failed to recognize a scam domain, rather than any technical wizardry or social engineering expertise on the part of the scammers. It's a good argument for adopting defense at the browser level (i.e. toolbars and in-browser blocking) rather than counting on banks, registrars or hosting companies to shut sites down.

  16. Re:Slashdot overrun by old fogies on The Podjacker Threat · · Score: 1
    This issue is broader than the Vegan.com brouhaha, as a large number of RSS feeds are syndicated through third-party providers like Feedburner and Pheedo. In most cases, these services are providing value-added services (i.e. adding subscriber tracking and ad capabilities to the feed) and doing so with the knowledge and support of the initial blogger and/or podcaster. As a result, a ton of content is being circulated via third-party RSS.


    This case is an example of a podcaster who had no idea that another service was packaging his feed, and wound up not realizing how much he relied on the third-party (evil.pirate) for his traffic. But now that REAL evil pirates understand the potential for mischief by "podjacking" feeds, we'll soon see malware packaged and distributed via imposter RSS feeds.


    FWIW, the guy who runs the third-party service has an entirely different take on this matter.

  17. Interesting podcasts from Vancouver on .xxx Domain Remains in Limbo · · Score: 4, Informative

    Lawyer and ICANN blogger Bret Fausett is providing a steady stream of podcasts from Vancouver, including this one, which reviews the meeting in which the "non-decision" was announced. Apparently the staff at ICM Registry (the folks slated to run the .xxx domain) were completely blindsided by Vint Cerf's announcement that .xxx had been tabled - which came right before ICM was to make a presentation on it.

  18. Why Newspapers Bungle The Local Opportunity on A Recipe for Newspaper Survival in the Internet Age · · Score: 1
    I worked for daily newspapers here in New Jersey for 15 years before departing to write for web sites. My final print employer was the best newspaper I ever worked for, but hopelessly lost when it came to sorting out the Internet opportunity.

    The issue, ultimately, was a corporate parent that pursued a broad "Internet strategy" that completely pissed away any chance for its individual newspapers to build their own web sites and learn the lessons Robin has just summarized so well. Instead, they jammed content from numerous papers into a single web portal they believed might have enough critical mass and page views to attract national advertisers.

    Now those local papers have no Internet infrastructure of their own, no dedicated Internet staff, and no way to build a web site that focuses on their own community. Even if they read and understood what RobLimo has shared, I don't believe they're in any position to act on that knowledge.

    I think history will view the consolidation of the news business into chain ownership as a fundamental mistake that moved key decisions further away from the readers and advertisers - the customers - who used the product and paid the bills.

  19. A Business Meme at Internet Speed on Cyber Monday Doesn't Exist · · Score: 1

    Sure, it's a manufactured story. But it illustrates the Internet's amazing power to make something out of nothing overnight, and lots of folks will be reviewing how this was done so they can replicate it. I've worked in the news media for a long time (25+ years), and am hard-pressed to recall an instant PR success of this magnitude. The Google numbers are less important than the quality of the news organizations that rose to the bait - without checking to see whether it was even true. This was all over the Net yesterday, picked up by virtually all major media outlets that pay any attention to the Internet. Expect lots of people to develop a "playbook" and try to emulate this.

  20. Do Google Betas Put Customers At Risk? on Why Does Beta Last So Long? · · Score: 4, Insightful
    When Google Base was launched, it included cross-site scripting vulnerabilities that could have allowed an attacker to steal cookies and other information from users - which is no small matter now that Google has consolidated services such as AdWords and AdSense under a single login. The flaw was discovered by UK security researcher Jim Ley, who also found security holes in the Yahoo Maps beta and argues that betas are often unveiled without adequate security testing.

    As for Google News, one reason it remains in beta is that it has no business model. If Google tries to put ads on Google News, the newspapers and magazines whose stories are listed on Google News would probably file lawsuits, alleging that Google is trying to profit from their content. Google's emergence is a threat to the major media outlets that represent much of the content on Google News, and some folks in the news business believe it will remain in beta until this problem is settled.

  21. Also A Security Hole in Google Base on Google Corrects Gmail Security Flaw · · Score: 2, Informative
    Google also has fixed a security hole in Google Base, which could have exposed sensitive information stored by users of Google's services. From the article:

    "Google's move towards a single Google Account for multiple services exacerbates the problem, as the same account used by the Google Base site can also be used to access financially sensitive services such as AdWords and AdSense, and Google's GMail webmail service."

  22. Re:This is misleading - MD5 is still useful on MD5 Collision Source Code Released · · Score: 1

    This is also important for SSL certificates, many of which use MD5. Existing certificates relying on MD5 are still secure, and new ones can be issued using different hashes. But this is one more motivator for NIST and the security community to decide on a way forward and start making it happen.

  23. GameBloggers Burying "Fanboy" Cliches on Game Journalists Uninteresting Vultures? · · Score: 1
    I've seen this kind of commentary over and over again in the past several years, and it almost always focuses on practices of "enthusiast" print magazines that rely upon game publishers for advertising revenue, as well as access to information. So why are these critics still reading fanboy game mags, when they could be reading better journalism on game blogs?

    With just a little effort, you can find game bloggers writing about real issues, rather than just hyping the next big release. The next generation of game journalism isn't going to show up on the newsstand or in your mailbox. It's already on the web. Stop complaining about EGM and its ilk and surf some game sites already! Click on some ads while you're there, because the best way to improve game journalism is to support hard-working game bloggers who are trying to make a living at it.

    For some examples, check out Video Game Media Watch and follow some links. Or just read Terra Nova or Game Politics or GamesBlog or any of about a dozen other good blogs I could mention. You'll feel better about the State of Game Journalism.

  24. eBay does this as a secondary market on Microsoft Plans Deliberate Xbox 360 Shortage · · Score: 3, Insightful
    Once the retail outlets run out of a console or handheld, they start selling at premium prices on eBay. Last Christmas the Nintendo DS was selling on eBay for about $30-$40 above retail. There was plenty of supply, too. Retailers didn't have it, but eBay did. Genuine shortage or market manipulation? Hmmmm ...

    Therein lies the challenge for a manufacturer auction, as their motives and marketing practices would be suspect (hence the parent post).

  25. The TypePad home page is on Akamai ... on Data Center Move Goes Awry for TypePad · · Score: 4, Informative
    ... hence the link to that URL rather than direct link to individual blogs. If a midnight Slashdotting brings Akamai and its 15,000 servers to its knees, I guess THAT would be news.

    Hey, if it happens, we'll have to post a link about the Akamai outage and see if it happens again.