MySpace says don’t believe the hype

I found something ironic in this story on MSN. MySpace, made popular through the ease of connecting to other people and related “hype”, is apparently telling people not to listen to what they hear on the street.

The popular Web hangout MySpace.com is as safe as anyplace in the offline world despite recent reports that sexual predators may be using it to find and lure young victims, the company’s CEO said.

“If you go to the mall and start talking to strange people, bad things can happen,” Chris DeWolfe, the site’s co-founder, said in a telephone interview. “You’ve got to take the same precautions on the Internet.”

I am not a PR expert, but from a security perspective I find this position odd. After all, it comes from a company that provides a platform that enables people to represent themselves as someone they are not.

In other words, the analogy could be translated into “if we provide a forum that strips away all the controls you might use in a mall to protect yourself (e.g. physical appearance), and don’t give you anything to protect yourself (e.g. we have no alternative checks and controls to suggest or provide to you), you can’t expect us to be liable for your behavior.” And that doesn’t sound right for a reason. The next question to DeWolfe should have been “what exactly do you mean by ‘same’ precautions?”

Visa, banks still fighting Feb debit card breach

Back in March there was a good deal of news about a Feb attack on a retailer that exposed many debit cards:

a total of eight banking companies — Citigroup Inc., Bank of America Corp., JPMorgan Chase & Co., Wachovia Corp., Wells Fargo & Co., Washington Mutual Inc., National City Corp., and PNC Financial Services Group Inc. — have confirmed their customers may have been compromised and all said they would reissue debit cards to some customers. […] sources close to the matter said they believe the lead theory is that hackers “accessed servers at about 30 stores belonging to a large, national retailer and stole data from the cards’ magnetic stripes, encrypted customer PINs (in a format known as PIN blocks), and the keys to decode the PIN blocks.” “The criminals used the magnetic stripe information to create counterfeit cards, and the decrypted PINs to withdraw cash from automated teller machines, the sources said.” […] Customers are asked to monitor their accounts for suspicious activity and immediately report anything out of the ordinary. Silvestri [the spokesman for Wachovia] said he is a frequent debit card user. He said he likes to check his account online at least once a day.

One might almost think about getting a link to your phone so every transaction has to be approved via cell. Imagine if an ATM sent your phone an SMS message asking for confirmation…or if your cell phone had a random number generator whose output you had to type into the ATM along with your PIN.
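The phone-generated number idea above, sketched as an added example (not code from any bank, card network or ATM vendor): the phone computes a time-based one-time code per RFC 6238, and a hypothetical host-side `atm_authorize` check requires both the PIN and a fresh, unused code, so a counterfeit stripe plus a decrypted PIN is not enough. The account record, PIN and secret are constructed sample values.

```python
import hashlib
import hmac
import struct

STEP = 30  # seconds each code stays valid


def totp(secret: bytes, unix_time: int, digits: int = 6) -> str:
    """RFC 6238 TOTP (HMAC-SHA1): the 'number generator' running on the phone."""
    counter = struct.pack(">Q", unix_time // STEP)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation, RFC 4226 section 5.3
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def atm_authorize(account, pin, code, now, used_steps, window=1):
    """Hypothetical host check: PIN AND a fresh, not-yet-used phone code."""
    # Simplification: a real issuer verifies the PIN inside an HSM, not in a dict.
    pin_ok = hmac.compare_digest(pin.encode(), account["pin"].encode())
    step_now = now // STEP
    # Accept one step of clock drift either side of the host's clock.
    for step in range(step_now - window, step_now + window + 1):
        expected = totp(account["otp_secret"], step * STEP)
        if hmac.compare_digest(code.encode(), expected.encode()):
            if pin_ok and step not in used_steps:
                used_steps.add(step)  # one withdrawal per code: blocks replay
                return True
            return False
    return False


def demo():
    # Constructed account; the secret is the RFC 6238 test key.
    account = {"pin": "4821", "otp_secret": b"12345678901234567890"}
    used = set()
    now = 59
    phone_code = totp(account["otp_secret"], now)
    return {
        "cardholder": atm_authorize(account, "4821", phone_code, now, used),
        # Same code observed and replayed a few seconds later.
        "replay": atm_authorize(account, "4821", phone_code, now + 5, used),
        # Counterfeit card: correct PIN, but no access to the phone's secret.
        "counterfeit": atm_authorize(account, "4821", "000000", now, used),
    }


if __name__ == "__main__":
    print(demo())
```
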

Apparently the breach is still newsworthy as banks continue to replace cards, almost five months later, and the reporters are starting to hint that an ATM processor was the real source of problems:

Charlotte, N.C.-based Wachovia issued the card replacements last week as an antifraud measure, said bank spokeswoman Mary Beth Navarro. She declined to explain the circumstances that triggered the action after several months. […] Visa has encountered security problems with other contractors besides the ATM processor that triggered the February alert.

Search engines pun-ish journalists

On a slightly related note to my earlier comment about NSA data mining, I just read a rather amusing paragraph by Peter Preston in the Guardian:

The New York Times’s own search wizard recites his golden lessons for search referral. “Don’t get cutesy. Put yourself in the mind of your audience. Use the words your audience might use to seek your content.” Don’t say “Mourning crowds converge on Vatican”, say “Pope dies”. And don’t wander deep into the forests of argot, where Macca chases Mucca, where Big Ron used to be a footballer manager but may now be a tubby Brazilian centre forward, where German fans signal their enthusiasm for their English counterparts via “Love is in the Herr”. None of that is grist to the Google mill. All of it is search repellent. Bring me boring heads on chatty blogs. Computers don’t do jokes; it’s just pun of those things.

Nicely done Peter! Sometimes I wonder if the best writing in London comes after closing time on the Strand.

But more importantly, I also wonder if puns are not only classified by cryptographers as unbreakable to artificial intelligence, but whether they will find their way to clever linguistic acrobats trying to fly below radar. Imagine underground groups all speaking in puns. Oh, poetry, wherefore art thou…

French trials and Denard again goes free

Here’s a late twist to the story of Gilbert Bourgeaud (aka Bob Denard), the infamous mercenary: apparently his lawyer argued in French court that Denard simply was acting on behalf of the government to destabilize foreign nations including the Comoros. The French authorities have rejected his claims and ruled that Denard should get a five-year suspended sentence. The BBC describes him thus:

Bob Denard, 77, contributed to bloody conflicts across Africa for nearly 40 years, but the French mercenary is best known for his interventions in the Comoros Islands, one of which has led to his conviction in a French court.

He once described himself as “a soldier never an assassin”, and has claimed he was acting in the interests of France or other European powers, though he was once accused of plotting to assassinate a French prime minister.

So, to recap, Denard led a successful military coup against Ahmed Abdallah in 1975 (after the islands declared independence from France). Denard then led another coup in 1978, this time installing Abdallah as President. In 1989 President Abdallah was killed by Denard’s men, but Denard avoided any charges in French court for wrongdoing. Then in 1995 Denard staged another coup in the Comoros, which “failed” when the French army moved in to “restore order”…and so Denard, a free man, settled in Paris to await sentencing for what he described as serving French interests.

Imagine trying to keep information secure when you never really know who you work for and who will be next in power or what they will declare right and wrong. Non-repudiation and plausible deniability are important factors in these international webs of intrigue.

In slightly related news, an intelligence officer turned General (now retired) has continued to argue that he was not only ordered by the French Government to torture Algerians, but that it is the right thing to do in times of conflict:

The Paris appeals court confirmed that General Paul Aussaresses, 84, must pay a fine of 7,500 euros ($8,300) – the punishment handed down by a criminal court in January last year.

Aussaresses admitted torturing and killing 24 Algerian prisoners-of-war in a book he published in 2001 about the conflict.

[…]

Aussaresses said Friday’s ruling was “stupid”. He added that he had “neither remorse nor regrets” and would appeal to France’s highest criminal court.