Image by sociomantic via Flickr

I don’t know who came up with using quotes. But having analyzed much of the traffic that goes across social networks, I have to say that if you use quotes, you’re asking for trouble.

Why?

Have you ever looked the twitter bot accounts and what they post? Usually, a substantial number of them use quotes. Those that filter onto Facebook also use quotes. In fact, there really isn’t any time that those bots don’t throw in the quotes section since they want some filler that could be applicable to human interaction. And thus, those of us that actually do watch and read the traffic become extremely desensitized to quotations.

This is a lose-lose situation. First, the people that read don’t feel like there’s substance there so they skip reading your information, even if you might have some fabulous stuff later on. What can I say, the attention span of Internet users is fairly short. But also, the user of the medium that has integrated quotations also gets thrown into the bucket with the spam bots. Now, I don’t know about you, but I wouldn’t want to be in the same bucket as spam bots.

If you do use quotes, I implore you to stop. It’s not helping and the filler really isn’t useful. If you intend to keep at it though, no worries. The rest of the world is probably ignoring you.

Image via Wikipedia

If you didn’t know already, the encryption for GSM’s antiquated algorithm has been cracked. All 64-bits of it. And guess what…. apparently most carriers haven’t upgraded to the 128-bit algorithm because… well, I’m not exactly sure. I suppose security by obscurity is probably the key reasoning behind this, but A5/1 which has been around since 1988 was replaced by the GSM Association in 2007 with A5/3 but most carriers haven’t bothered to upgrade.

It’s not anything spectacular since the 64bit keys were cracked through brute force, and with the computing power these days along with parallel computing, you can pretty much crack the smaller length algorithms through brute force easily. And this doesn’t allow you to listen in on the calls just yet, it just opens the doors to any of the communication that runs on those bands if the carriers haven’t changed the codes on you not to mention the legality of breaking those codes outside of academic research.

There are a couple ways around this problem. One is to upgrade to a larger key such as 128 bit (which is pretty standard considering many banks run SSL certs on 128 bit encryptions). Not the super-safe, but it does create a lot more combinations to guess through brute force. The other way is through the methodology similar to RADIUS with WPA for Wifi. Wifi keys are easily broken, but if you have a service that continuously rotates those keys and makes it a dynamic password, then any hacker is left with a time limit to break in. From a security standpoint, this becomes a more daunting task.

And as far as iPhones are concerned… oh… if you own one and didn’t know already…(as do most of the world’s mobile devices), they run on GSM carriers. But then again, so will Google’s Nexus One.

Either way, Microsoft has identified this issue and has apparently locked down the compromised accounts. If you were compromised and are locked out, there is an email form that Microsoft Live has set up for you to reclaim your account. I took a look at it, and it asks for some serious private information.

All of this should teach you (the end user) something. Lesson here is that you don’t click on anything ever in emails or otherwise, when you can go directly to the site itself and look for it. One of the reasons I have always hated HTML emails since it stupefies the entire security aspect and makes it a more difficult problem since you go against human nature. Thus? You’ll never see me prefer text over HTML any day of the week. You can dump links there, but I can read them.

Using a special algorithm, it calculates out whether or not a person is potentially a spammer and gives them a score. Based on whether or not TwitBlock users have marked the user as a spammer, the effect of the scoring goes up or down. It’s actually a pretty interesting method since most of the ways of detection are common sense things.

I would probably say that most people that have more than a thousand followers probably have quite a few bots and such on there, but at least there’s a way to somewhat detect these now instead of going through your followers one by one.

If you’re curious about it, definitely run this every so often on your account. It uses OAUTH so you actually never give it your password and such which is a great thing from a security standpoint of a third party application. Give it a whirl.

So in case you were hoping to get your tweeting in today, you might encounter some issues over there.

Sometimes, I find spam absolutely hilarious.

I mean, check this one out that came through our small business accounting software site. What really got me was the fact that it was sent from a gmail address and the reply to: field was the same gmail address. What’s even more interesting is that the actual address has always been a gmail if you do a search for this fellow, and the addresses just change. Seems rather “phishy” to me. Here’s the actual content of the spam email:

We would like to get your website on first page of Google.
All of our processes use the most ethical “white hat” Search Engine Optimization techniques that will not get your website banned or penalized.
Please reply and I would be happy to send you a proposal.

By now, if you haven’t junked it or laughed at it and then junked it, you would need to realize a couple things. First is that while white hat SEO is a great term, it doesn’t really fly in the face of those that have no inkling of what it is. The second is that spamming someone’s forms really isn’t considered “ethical” by any means so it doesn’t give credence to your SEO tactics. Last of all? Really. If you expect people to take you seriously for SEO, then you need to get a real website, with a real company name and be able to show up on the first page of Google for “best SEO company“. Let’s face it. If you’re truly good at what you do, you’d be there wouldn’t you?

If you’re one of the many that are searching for positions on the Internet and probably sending your resume along on those job sites, be wary. One of the latest scams that has been broadcast in the past six months through security firms has been an increase in identity theft through job postings.

Think about it. You’re desperate to become employed again, you hand over your social security number, name, address, and all sorts of other identification materials to a “potential” employer just to realize that they don’t exist. My suggestion? Do your homework.

While you might not stop every sort of theft, providing due diligence will greatly decrease the risk of being taken for a ride. See if that person actually represents the company that they claim they are. Are they overseas and using a local number to contact you? Do they represent a placement agency? Perhaps you’ve never even heard of this business that they claim is several miles from your house and it’s not in the phone book. There are always signs to these sorts of scams.

If you don’t, you take a great risk. If you do, you minimize that risk. And best of luck on your search.

I never did understand why direct mail never came under as much scrutiny as spam. Everyone has an issue with spammers, but most actually just suck it in and deal with direct mailers.

Now let’s be honest, if you look at both sides, they operate under the same concept but just in different mediums. Direct mail uses the postal service, while spammers use the Internet. You have no say in either thing on whether or not you get it, and both are trying to sell you something. And just like having an inbox, if you have a mailing address, you will get some regardless of how hard you try to keep it completely hidden.

So my question is… why isn’t direct mailing under similar rules as the CAN-SPAM Act? Why is it that we have to suck it up and deal with this type of marketing tactic and not the other? It seems like they would fall under similar regulation rules since the difference really only being that one being electronic and the other is physical. In fact, now that I think about it, I’ve even taught the concept of emailing with the analogies of home addresses.

I suppose it’ll never be changed, but one can always wonder since both are annoyances in most people’s lives.

I mean, seriously. Do they think that you opt-out of the marketing and promotional materials because you’ll want to be reminded that you had opted out? Uhh. No. Sorry, Microsoft. That’s definitely a spam-fail on your end. Reminding me, that I opted out of your spam, means that you basically did not abide by my preferences of not bothering me with promotional offerings. And yes, I consider the fact that administrative type emails of promotional offerings to be under promotional offerings and not under critical administrative messages.

I wonder what brilliant person came up with that one. Hey! Let’s spam all the people that don’t really want spam with a message that says… hey, we wanna send you spam, but we can’t because of your preference! To add insult to injury, they add on a note that talks about how they respect your privacy and have a link to their privacy statement.

Sometimes, it definitely makes you shake your head and wonder what goes on in those ivory towers.

The United States Sentencing Commission has voted but I haven’t found anything on what they’ve actually decided.

Basically, there was legislation put out there that was written in too broad of a format where it said that any sort of proxy server use could increase jail time up to 25%. Now, in essence, the way it’s worded would mean that proxy server use seems to be a secondary offense if you use it for means of hiding yourself to do illegal deeds. And knowing that there are things such as bouncers, and darknets, there’s definitely a reason for this from a law enforcement perspective. But on the flip side, if you strictly say that there is jail time in direct relationship with proxy server use, then that’s completely incorrect and then you render the that argument invalid since there are many uses of proxy servers including those of privacy concerns.

From my perspective, I believe that there’s more to it than meets the eye. It’s not just privacy that I would worry about for your average Net surfer but the fact that translation servers like the one used by Google, is technically a proxy server since it can translate websites and redirect. This means that as a proxy, the host website sees Google instead of your IP address and thus is in a “proxied” fashion. Would you jail those that use translations? What about other means of redirection that are legitimate? Thus, I believe that using the terminology as proxy servers by itself would be too broad. There has to be some sort of offense tied to the use to cover illegal means.

That being said, there are darknets and hosted vpns that you can use for privacy use. TOR is just one of the many. But I think that both sides have to be weighed and find the correct wording choice that doesn’t interfere with privacy, or legal use versus prevention of law enforcement to chase down those that use proxies for unethical behavior.