Identify bad guys through writing style

This month’s Social Engineer podcast discussed a tactic to identify bad guys through writing style, something the hosts expressed surprise was possible.

This won’t be news to anyone who minored in English or Communications or Journalism. A lot of factors go into style—where we grew up, where our parents are from, what we read growing up, our life experience, and it really is like a fingerprint. Fitzgerald’s Gatsby called everyone “Old Sport,” and we all have something like that, it’s just usually more subtle. I’ll say, “taste this,” when my wife or mother-in-law will say “taste of this.” That’s a regional thing. I pick up on that because I’m interested in language. A really good linguist can pick up on a lot more than that, and machine learning can potentially pick up on still more.

If you recall, it was the Unabomber’s long manifesto that brought down Ted Kaczynski. Other forensics proved it, but the investigation began with his brother’s observation that the manifesto “sounded like Ted.”

How to become an Info Assurance Analyst

So, CNN/Money ran a story on the best 100 jobs in the United States, based on pay, projected job growth over the next 10 years, and quality of life ratings. And there was my job title, at #9. I think you should want to become one, so here’s how to become an Info Assurance Analyst.

The field desperately needs more of us, so I’m happy to share with you how to become someone like me.

Defusing in person

My name, and my department’s name in general, gets thrown around a lot at work. We have a bit of a reputation as the can’t-do guys.

Professionalism dictates I not go into specifics about what kinds of things we reject or disapprove, but if I were to explain them, no security professional would disagree with me.

The other side of the argument, of course, is that the system still does its job the way it’s supposed to do and the system cost a lot of money. Here’s a story of a tense situation and how we were able to come to an understanding.

Tech Central in South Africa trolls the tech support scammers

Apparently the fake Microsoft tech support scammers call South Africa too. Tech Central’s experience is close to mine, but since they actually let these jokers into one of their machines, they found out something about their game that I’ve never seen.

Apparently, once you get further into their sales pitch, they get into your machine, ask for payment, and if you hesitate to pay or refuse, they start deleting files out of revenge.

I’ve never actually let these guys get into a system I care about, though I have actually let one in to a system that really did have a couple of viruses on it. I wanted to see if they would find any real problems. They didn’t.

So, knowing that they maliciously delete would-be customers’ data if they show second thoughts, I think it’s a good idea to string these guys along for as long as we can when they call those of us who know better. Two of us doing that each night is enough to save one person from being victimized.

Are comments worth the trouble or not?

Gawker founder Nick Denton (home of Mac Hacker, er, Lifehacker; Gizmodo; io9; Jalopnik; and formerly Consumerist) says online comments aren’t worth the trouble.

I agree and disagree.

A source of great inspiration evaporates

Google announced this week that it’s defaulting to https (secure) searches, and not passing search queries on to the sites its users click anymore. It’s the end of an era, I guess, and I’ll miss it.

Yeah, I looked at the search queries that come into this site. I’ve been doing it for years.

Random thoughts from the day after bin Laden died

It was 9:15. I was tired. I’d been reading, then I went to my computer to check baseball scores. I saw that the president had called a press conference for 9:30 CST, with no indication what it was about. 9:30 PM on a Sunday night isn’t when you usually call press conferences, and there’s usually some indication what the subject will be. I was curious enough to click around to see what was going on, but when I didn’t find anything right away, I went to bed.

This morning I woke up, went straight to the Kansas City Star’s baseball page to get an account of last night’s Royals-Twins game, and out of the corner of my eye, spotted the last headline I ever expected to read: “The Raid that Killed bin Laden.” What? Beneath it was a similar headline. I clicked, read the first two sentences to make sure I was reading the right thing, then raced into the bedroom, where my wife was getting our two sons dressed.

“They got bin Laden,” I said. And she did the same double-take that I did, and made me say it again.

And we have safely arrived in the 21st century.

It wasn’t the smoothest of transitions, but it went a whole lot better than it could have. I’ve moved the venerable Silicon Underground, with its nearly 1,800 posts spanning a little over a decade, to WordPress 3.0.1.

This blog’s been pretty stale for a long time. Some of that is due to the software. Some of it’s my fault. Blogging software has really advanced a lot in the last few years, and the software I’ve been using since 2004 was a bit behind the curve even then. In its defense, in 2004 nothing could do everything I wanted, and the system I chose was one of the few that required login and authentication, which I desperately needed in order to stop spam. But then registration broke, and I didn’t fix it, which meant only longtime readers could comment.

For commenting, we’re going back to username and e-mail address with optional URL, and with some spam analysis tools hopefully filtering out the spam. Users are moderated until their second comment, which will help take care of the trolls. Comments containing multiple hyperlinks automatically go to moderation. And comments will be closed after some period of time, probably 14 days. Discussions usually go downhill as time goes on.

Will I post more now that it’s easier? Probably.

Modern blogs can interact with one another; mine was always an island. Now I can trackback and pingback like everyone else, which will probably prove useful.

I’m sure I’ll be making changes for a while, but this is a big improvement.

I’d like to thank Steve D. and Rich P. (you know who you are) for their help with the migration. It only took me what, three years to go through with it? Four? And then it ended up taking about two hours of real work, if that, spread out over the course of a couple of weeks.

In case anyone’s wondering why I don’t run an open forum anymore…

I think David Pogue sums up what’s wrong with online etiquette pretty well. I know I got sick and tired of ducking rocks from anonymous know-it-alls. That irritated me as much as spam. My blog is a hobby. It brings in a little bit of money, but I’m not sure that the money covers the increase in my electric bill. I run my blog because I enjoy writing and because I’ve found a shortage of some types of useful information, so I tried to remedy that shortage when and where I could.

So I started requiring registration. In the process I pretty much ruined the blog, because I ditched b2 in favor of the software I’m using now. Of course, a few months after I made that change, b2 evolved into the lovely and wonderful WordPress, which now everyone and his brother is using.

Then Southwestern Bell started blocking SMTP traffic, preventing my software from sending out registration notices. There’s a workaround out there for that, but I still haven’t convinced myself, two years after I became aware of the problem, that it’s worth fixing. I’m sure I’m losing readership because people who want to be able to sign in and comment can’t, but I find I rather enjoy not having to deal with idiots. The dozen or so people who are left are nice people who say intelligent things.

Don’t get me wrong, I deal with some rude and poor-intentioned people at work. The rudest and most difficult, not coincidentally, are the people I’ve never seen but only spoken with over the phone and e-mail. But even they control what they say a little bit. There’s always the danger that we’ll run into each other someday, after all.

I remember about seven years ago when I wrote something that made the front page of Linux Today. It was a thrill. I even ended up exchanging e-mail with the president of Mandrake, and some suggestions I made for features found their way into later versions of that Linux distribution. Those were fun times.

What goes through my head when I realize that I’ll never make the front page of Digg?

One word: Good.

I still love to write, and I may have even figured out how to make enough money writing to make it worth my while to write regularly again. To be honest, right now I don’t have time to write regularly, but when it’s worthwhile, I can always find ways to make time.

Blogging fits into that equation, so I guess sometime between now and then, I’ll have to figure out some way to deal with the trolls.

Whatever happened to… online politeness?

Very early in my BBSing days (1989 or so), I was talking to the operator of one of the first BBSs I called. He said he instantly bans anyone who engages in "flame wars."

I didn’t know what a flame war was, though I found out pretty fast. And they’re just as much a problem today as they were back then. Maybe more, since people can talk any time and they don’t have to wait for the BBS line to get un-busy.

Gatermann and I were talking about how rude people can be online. It’s frustrating to me–probably the most frustrating thing about the ‘net. But that human contact is the best thing about the ‘net, so of course I always come back, no matter how torqued off I get.

But I think that’s the problem: Human contact. The computer dehumanizes it.

I first noticed myself dehumanizing when I was meeting girls on eharmony.com two summers ago. The girls outnumber the guys there, so if you’re a guy, unless you’ve really narrowed your focus, you’re going to get a lot of matches. It felt kind of like playing Alter Ego or another early game that tried to simulate human contact. I’d say something and try to see what they sent back. And it was at the point that I got to see one girl’s picture that it suddenly dawned on me that there was a human being sitting on the other side of that keyboard and monitor.

I don’t think some people grasp the concept of talking through a machine versus talking to a machine.

Of course, some people may just hide behind it. They can’t see the look of hurt on the other person’s face, and the other person can’t reach across the table and smack them when they have it coming, so they act like trolls and get away with it. Maybe they even relish it.

The most blatant example I’ve seen is a guy who swoops in on most of the train boards once a month or so. He’s a millionaire in Washington, D.C. (he’s a trash-hauling magnate, from what I understand), and supposedly has a train collection and layout that must be seen to believe. I’m told that in person he’s a great guy, and supposedly just about anyone can come into his house and see his layout just by asking.

But online, he’s a monster. He swoops in, says rude things, watches the volcano erupt as the people who disagree with him start screaming, and then the people who agree with him start screaming, and mostly just sits back and enjoys watching people bicker and throw temper tantrums.

That’s my worst experience, mostly because I stay out of chat rooms, except for a Yahoo chat room that meets on Saturday nights and talks about repairing Marx trains. The start of the whole conversation was Gatermann telling me about someone he knows signing onto a chat room. She got to talking to some guy she didn’t know from Adam, and almost immediately demanded to see pictures. And I’m not talking the kind of pictures you show to your mother.

Maybe some people enjoy being Dr. Jekyll in person and Mr. Hyde as soon as they sign on to the Internet. Maybe some just can’t get the idea in their head that they’re talking to a human being, since they’re not hearing a human voice and they’re not seeing facial expressions.

Anymore, I try not to say anything online that I wouldn’t say in person to someone I expect to see again. And the funny thing is, that actually keeps me out of trouble most of the time.

To take care of the rest of the time, there are certain things that I just try to avoid talking about.