Links: US virus scam, CurrentC’s woeful policies, when crowdsourcing goes wrong, and more

City of #SF has deployed #NFC payments for street parking meters. #mobile

A selection of 12 links for you. Use them wisely. Comments are open (but moderateable).

Acting on Facebook Referral, FTC Gets Federal Court to Shut Down Scam Support Outfit Pairsys – AllFacebook

Acting on a referral from Facebook, the Federal Trade Commission announced Friday that at the commission’s request, a federal court shut down the operations of Pairsys, an Albany, N.Y.-based company that coerced computer users into paying hundreds of dollars apiece for unnecessary technical support and software that was available free-of-charge.

According to the FTC, Pairsys employees cold-called computer users and posed as representatives of Facebook or Google, and the company was also behind online ads that indicated that its phone number was the technical support number for legitimate companies in the industry.

Damn. The Indian “Windows virus” variant was bad enough; now it’s metastasized to the US and UK.


Apple Pay Reality – accepting payments >> Quora

Brian Roemmele:

80% of the US transaction payment card volume comes from 150,000 merchant locations. These are the largest retailers in the US.

If we subtract the MCX members like WalMart and Target we are left with just over 60% of the top 150,000 top volume merchant locations accepting Apple Pay. This number is increasing rapidly as 250,000 medium sized merchants and the 5.5m small merchants join the Apple Pay rocket ride. This group has increased demand for NFC devices by over 3,000%. These merchants are rapidly adding these free upgrades to their existing payment card devices at such a record pace that supplies that were going to be sent to Europe are now being sent to the US. I see no slow down to this demand.


CurrentC User Terms and Conditions >> MCX

So much to choose from here. What about
– no “jailbroken” devices (might rule out some Android fans)
– you have to create a CurrentC account (obviously) for which “you will be asked to provide your name and certain other personal information, which may include, but not be limited to, name, email address, date of birth, and social security number. In addition, you will be asked to provide MCX with your Payment Method account information (such as bank account or other financial account information) necessary to originate, process and settle your payment transactions with participating MCX Merchants.” Though it says in the privacy policy that it doesn’t store those.
– “You grant MCX express written consent to receiving autodialed and prerecorded message calls, text messages or push notification alerts from MCX, or those Third Party Services providers acting on MCX’s behalf, at any mobile telephone number you provide to MCX, regardless of your registration of your mobile device number on any state or federal “do not call” registry. Your express, written permission applies to messages and alerts regarding the MCX payment transaction Services and any optional Services you have elected to receive.”

The privacy policy is amazing too: collects system activity; hardware settings; date and time; location; IP address; and then “may share or disclose” to merchants, third-party providers involved in providing the services, and so on.

It’s quite creepy. And giving a merchant organisation direct access to your bank account? You’d hope US consumers have seen enough examples of hackers breaking into retailers not to go for that.


How crowdsourcing turned on me >> Nautilus

Iyad Rahwan had taken part in a number of Darpa challenges, and succeeded using crowdsourcing. When it came to putting back virtual shredded documents using a crowd, all was going well – until a troll hit and scattered their work:

In our post-mortem analysis, Cebrian and I revealed how the crowd recovered efficiently from its own errors, fixing 86% of them in under 10 minutes. However, the crowd was hopeless against a determined attacker. Before the first attack, our progress on the fourth puzzle had combined 39,299 moves by 342 users over more than 38 hours. Destroying all this progress required just 416 moves by one attacker in about an hour. In other words, creation took 100 times as many moves and about 40 times longer than destruction. [Emphasis added.]

First place was taken by a team of three using custom-designed software. They were far less vulnerable to invasion than we were with our oh-so-open platform. A few days after the contest had ended, our attacker emailed Cebrian from an anonymous address, admitting that he or she belonged to a competing group. They claimed to have recruited individuals through…

Guess which notorious site they recruited them through.


Malicious ads on major websites held users’ files to ransom >> Engadget

A widespread attack has exposed millions to malware that holds files to ransom. The campaign, which was first detected a month ago, placed fake adverts on websites such as Yahoo, AOL and The Atlantic that installed so-called “ransomware” onto a victim’s computer. The attackers stole assets from the likes of Case Logic, Bing and Fancy in order to make the malicious ads appear real, but once a computer becomes infected, things get very bad, very fast, for victims.

The ransomware – named CryptoWall 2.0 – uses Adobe Flash to exploit browser vulnerabilities, installing itself on the affected computer.

Two avenues: malvertising, and Flash. Advertising is always going to be a risk; Flash, though, you can do something about. Like removing it. You don’t have it on your phone, after all.


Mobile in China — the year of the looking glass >> Medium

Julie Zhuo:

The strangest thing about iPhone usage in China was how most people had accessibility mode turned on. In other words, a persistent tab was always covering some part of the screen, though you could move it around along the edge. I wasn’t aware this feature even existed, but apparently you can use it to avoid having to use the power and home buttons. Baffled, I asked my cousin why this option was so commonly turned on. She said it was because people were concerned about their home button malfunctioning (apparently it’s enough of a meme that multiple people I talked to cited this reason) and as repairs are expensive they’ve resorted to not using the hardware buttons altogether.

I’ve seen this too (in Dubai) and the reason given was the same. (Personally, I’ve used lots of iPhones and never had a home button fault, but if repairs are expensive..) The Accessibility function is in Settings -> General -> Accessibility -> (scrolllll dowwwwnnn) AssistiveTouch -> (turn it on).

Plenty more to digest (not Apple-related) about the world’s biggest smartphone market, China, in this great post.


Facebook offers life raft, but publishers are wary >> NYTimes.com

David Carr on Facebook’s suggestion to publishers that they just publish stuff directly into Facebook itself, and do a revenue split on the adverts shown there:

It reminds me very much of those times when other digital behemoths tried to persuade content providers into letting them host the publishers’ content. In the early days, when AOL was dominant, the service preyed on the publishers’ fear that if they didn’t put their content inside the walled garden of AOL, their content would be invisible. That strategy benefited AOL in the short run, but no one prospered in the long run.

And I remember a visit to Google when Sergey Brin, a founder of the company, and some of his colleagues talked about how clunky most news web pages were — sound familiar? — and offered to host content with quicker load times and a revenue share. That went nowhere fast.

Once companies reach a certain scale online, they have a tendency to decide that while they love the Internet, they would like a better version. And, oh, by the way, they should run it. (All considered, Apple has already pulled off that trick, creating a private enclave of apps that it controls.)


Introducing Fire TV stick >> Amazon Media Room: Press Releases

Apart from “DUAL-CORE 1GB RAM 8GB STORAGE DUAL-BAND DUAL ANTENNA” (none of which will mean anything to the average person; Amazon is clearly aiming at the geek buyer who goes for the Chromecast), I found this interesting, about the inclusion of a remote control:

Customers have told us they want to use a remote control, not just their phones, to watch TV. Now, everyone in the household can watch movies and TV shows without borrowing your phone—use the included remote to easily navigate and discover movies, TV shows, apps, and games.

The impossibility of killing the remote control is one of those factors about internet TV that makes it so hard to do well.


Apple’s iPhone 6 Sales outpace Samsung Galaxy Note 4 in South Korea >> Chinatopix

The three South Korean carriers all reported strong sales, with the end result after one day being more than 500,000.

Compare this to the Galaxy Note 4’s 30,000 sales at the same time point, it is clear why some analysts are pointing to Apple’s final push into South Korea, after years of being shrugged off by the country, in favour of their own homegrown brands.

KT were the first carrier to start selling the iPhone 6 and iPhone 6 Plus, reporting 10,000 sales in 1 minute and 50,000 sales in 30 minutes. SK Telecom, the largest carrier in South Korea, gave even more praise to the early sales of the iPhone.

This is not good news for Samsung, which can normally rely on the Galaxy smartphones to come up big in South Korea. The Galaxy S5 was shunned in South Korea, in favor of the LG G3, which outsold Samsung’s flagship 3 to 1 for most of the year.

Did not know that about the G3. LG has really shown how to turn a phone business around.

Meanwhile, the Note’s apparently slow sales have to be seen in context: Samsung has been selling them since 2011, so you’d guess that anyone who wants one likely has one already.

Even so, likely to be a few high fives about this in Cupertino.


Leaked Rite Aid docs say Apple Pay may never come >> SlashGear

Here is the text of the alleged internal memo:

Please note that we do not accept Apple Pay at this time. However we are currently working with a group of large retailers to develop a mobile wallet that allows for mobile payments attached to credit cards and bank accounts directly from a smart phone. We expect to have this feature available in the first half of 2015.

If customers attempt to pay for a transaction with Apple Pay, a message will prompt both customer and cashier for a different form of payment. Please instruct cashiers to apologize to the customer and explain that we do not currently accept Apple Pay, but will have our own mobile wallet next year.

This is going to fail, not because Apple Pay is somehow magical, but because hackers will target the woeful security of CurrentC (ugh, the name) – which uses QR codes and insists on direct access to the customer’s current (not credit) account, and stores customer details.

It’s hard to believe that there’s been a real security audit of CurrentC. Perhaps they’ll publish it.


Why I don’t trust copypaste >> Securinti

I was talking to a good old friend when I accidentally hit ctrl-v instead of ctrl-c. Normally, this would be no big deal: I’d immediately notice my mistake and correct it. My friend wouldn’t notice anything.

But things went differently this time. I was working on a Photoshop project earlier that day. The data stored in my clipboard was not clear text, but an image. Facebook seems to treat images in a different way: it sends them right away, without having the need to press enter or “send”. Long story short: I sent my friend some image data from a project I’ve been working on. Not a big deal, or is it?

It is.


Why @Evleaks is giving up reporting phone scoops >> The Next Web

Evan Blass (aka phone leaker Evleaks):

These matters are always somewhat complicated, but like many things, it mostly comes down to money. Trying to monetize a stream of Twitter leaks is not easy. First I tried monthly sponsorships. Then weekly. Then single sponsored tweets. I took donations — felt like online panhandling.

I also started a website, and it’s actually done somewhat respectably, but with all the leaks going out on Twitter anyway, people have little incentive to visit, and most of my tech-savvy-heavy audience seem to be pretty heavy ad-block users, as well. It all adds up to an unsustainable living, and with a progressively worsening disease [Ed; Blass was diagnosed with multiple sclerosis], I need to make sure I can prepare myself better for the future, financially.

Best wishes for a lasting treatment for his MS.

