July 2009 Archives

How to avoid ads in Google Mail

Pretend to be bereaved and/or disastered.


Via waxy, a way to remove Sponsored Links from Google Mail:

Google does not use humans to read your email, only computers. These computers search for keywords that trigger the advertisements, however, if they happen to find a catastrophic event or tragedy Google errs on the side of good taste and removes the ads altogether. […] After extensive testing I’ve discovered you need 1 catastrophic event or tragedy for every 167 words in the rest of the email. I usually toss in a couple extra for good measure. I’ve been told by an early adopter that the very elegant and self explanatory “These words are designed to kill advertisements” works wonderfully.

What fascinates me about this is that this is fundamentally the same idea as a popular form of NSA-baiting Usenet posters hit upon 15 years ago: sprinkle random incendiary keywords (e.g. terrorism, murder, child porn etc.) in your signature so the NSA (National Security Agency - or, if you prefer, No Such Agency) would pick up on your message and their computers would get swamped with false positives.

(Never mind that the NSA, if they were ever so slightly bothered by this sort of stuff, would just adjust their algorithms to mostly or even entirely ignore signatures.)

Then, people assumed that a great threat to their way of life was that the NSA - a major secretive government body with far too much computing power and secret technology - would tap into their Usenet communications. Now people know that Google (or any semi-competent large company) already knows absolutely shedloads about them, and just wish for Google to leave them the hell alone.

Internet security doesn't work

Or won't for much longer.


I’ve written about this before: too many websites ask you to confirm your identity via questions that are comparatively easy to crack.

Today, like buses, two very well-argued essays have come along at once, both arguing that this is a major shortcoming of Internet security, or indeed of banking security in general.

The anatomy of the Twitter attack:

Each new service that a user signs up for creates a management overhead that collapses quickly into a common dirty habit of using simple passwords, everywhere. At that point, the security of that user’s entire online identity is only as strong as the weakest application they use - which often is to say, very weak.

[…]

Giving the user an option to guess the name of a pet in lieu of actually knowing a password is just dramatically shortening the odds for the attacker. The service is essentially telling the attacker: “we understand that guessing passwords is hard, so let us help you narrow it down from potentially millions of combinations to around a dozen, or even better, if you know how to Google, just one”. The problem is not the concept of having an additional authorization token, such as mother’s maiden name, that can be used to authenticate in addition to a password, the problem arises when it is relied on alone, when the answer is stored in the clear in account settings, and when users end up using the same question and answer combination on all of their accounts.

And via Danny O’Brien, why credit card security is flawed also:

Too much customer data is used for multiple purposes, in ad hoc stop-gap fixes for security problems.

[…]

biographical data and service history are now useless as authenticators. But they should never have been used as such in the first place. It might have seemed clever at the time to use “shared secrets” like account balance on an ad hoc basis to authenticate customers, but as a weapon against identity theft, it’s precisely like putting out fire with gasoline.

[…]

Privacy suffers the more so because regular data becomes attractive to thieves when it is re-used in authentication. And customer convenience deteriorates as each service takes its own idiosyncratic approach to knowledge-based authentication, and what’s worse, keeps changing its own approach in the cyber crime arms race.

Yesterday I was messing about with banking websites, and they were asking me “security questions” such as my father’s first name. I felt faintly proud that my father went by his middle name, so his first name was slightly more obscure. We can do better than that.
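The first essay names two failures a service can avoid: storing the answer in the clear and relying on it alone. The sketch below is an added example, not code from either essay or from any site mentioned here; the `mailbox_token_ok` flag (proof that the user controls their registered mailbox), the attempt limit and the scrypt parameters are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import unicodedata

# Constructed cost parameters for this example; tune them for real hardware.
SCRYPT = dict(n=2**14, r=8, p=1, dklen=32, maxmem=2**26)


def normalize(answer: str) -> bytes:
    """Fold case, Unicode form and whitespace so ' Rex ' and 'rex' match."""
    folded = unicodedata.normalize("NFKC", answer).casefold()
    return " ".join(folded.split()).encode("utf-8")


def enroll_answer(answer: str) -> dict:
    """Return the record to store: a salt and an scrypt digest, never the answer."""
    salt = os.urandom(16)
    digest = hashlib.scrypt(normalize(answer), salt=salt, **SCRYPT)
    return {"salt": salt, "digest": digest}


def answer_matches(record: dict, candidate: str) -> bool:
    """Recompute the digest and compare in constant time."""
    digest = hashlib.scrypt(normalize(candidate), salt=record["salt"], **SCRYPT)
    return hmac.compare_digest(digest, record["digest"])


def may_reset_password(record: dict, candidate: str, mailbox_token_ok: bool,
                       failed_attempts: int, max_attempts: int = 5) -> bool:
    """Treat the answer as a supplement to a second proof, never as enough alone."""
    if failed_attempts >= max_attempts:
        return False  # hashing cannot widen a dozen-item answer space; a lockout can
    if not mailbox_token_ok:
        return False  # a correct answer on its own is refused
    return answer_matches(record, candidate)
```

Hashing keeps the answer out of the account settings page and out of a database dump, but it does not make a guessable answer hard to guess, which is why the attempt limit and the second proof carry the weight.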

A comic that you must read forthwith

Charles Babbage and Ada Lovelace: They Fight Crime!


Via Making Light, which has sequential links to the major comics, Babbage and Lovelace. It’s not your usual webcomic - for one thing, the artist wrote it primarily as a way of avoiding other work, so updates will by necessity be haphazard - but the idea is fantastic, the art is great, and the author comments have that wonderful “yeah, I know I’m taking liberties with historical fact, but the crazy thing is I’m not taking as many liberties as you might think, OMG!” vibe that suggests it’s only going to get better.

Also, it features Isambard Kingdom Brunel.

Awesomeness