Start Up: where the spammers have gone, awful volume!, 2FA at 50%, fight like a Canadian, and more

Google’s Shopping service (not this one) is in line for a big fine. Photo by g3rswin on Flickr.

You can now sign up to receive each day’s Start Up post by email. You’ll need to click a confirmation link, so no spam.

A selection of 10 links for you. Use them wisely. I’m @charlesarthur on Twitter. Observations and links welcome.

Google faces big fine in first EU case against search practices • FT

Rochelle Toplensky:


Google is braced for a fine of potentially more than €1bn from Brussels for abusing its market dominance in search, a sanction that would have far-reaching implications for how the company operates online.

The EU move, expected in the coming weeks, will accuse the company of using its near-monopoly in online search to unfairly steer customers to its own Google Shopping service.

The bill could top the record abuse penalty of €1bn handed out to chipmaker Intel in 2009, according to two people familiar with the case. The European Commission and Google declined to comment.

The decision in the Google Shopping case would be just the first of three competition claims against the company being investigated by EU authorities.

It would mark the first sanction by a leading competition regulator on the way Google operates.


The investigation was announced in November 2010; but the problem had been written about since at least August 2009, as Richard Wray explained:


A British husband and wife team have been waging a three-year battle to get their price comparison website recognised by Google in a saga that sheds new light on the power of the world’s largest search engine directs shoppers to online deals for goods such as TVs or flights, but has struggled since one day it suddenly disappeared from Google search results for these categories.

There is no evidence that Google is in any way being dishonest or unfair in the way that it ranks such websites, but Foundem’s fight to discover what happened has highlighted the ever-growing influence of its mysterious search algorithms.

Many consumers believe Google’s search engine works on a formula that was created by founders Sergey Brin and Larry Page and that was that: they set it running and the rest is history. In fact, as those in the internet industry know, Google carries out regular “tweaks” of its algorithm. About 450 a year in fact. When they are made, the sheer scale of Google – it has an estimated 90% market share in Britain – means these can have huge and often unintended consequences.


Despite everything Google will say, it’s not as if the EC has hurried into this. Some of the fine ought to go to Foundem, really; it was the first complainant which triggered the whole investigation.

The Nigerian spammers from the 90s have moved on to keyloggers and RATs • Bleeping Computer

Catalin Cimpanu:


According to MalwareHunter, who spoke with Bleeping Computer in a Twitter conversation, most of these attacks are carried out by groups of hackers based in Nigeria. MalwareHunter puts the number at “about 65-70%” of all the campaigns they find.

Those that know how the cyber-security landscape has evolved in recent years will not be surprised. Nigerian cyber-crooks have evolved from the silly email scams they were pulling in the 90s and early 2000s to using more complex tools and tactics.

Nowadays, these groups of Nigerian hackers, called “yahoo boiz,” “waya waya” or “G-work” in their local communities, are using clever spear-phishing emails to trick victims into installing keyloggers and RATs.

This trend of evolution in the Nigerian cybercrime landscape was noticed by the SecureWorks team last August, and detailed in more depth in a report called “Wire Wire: A West African Cyber Threat”.

Similarly, this week, Kaspersky also discovered a group of Nigerian hackers targeting industrial companies from the metallurgy, electric power, construction, engineering and other sectors.



Redditors design worst volume sliders possible • Designer News

Lots of wonderful(ly bad) ones, though I think this may be my favourite:


Americans, password management and mobile security • Pew Research Center

This will mostly reinforce what you thought about how people use passwords:


There are relatively few demographic differences when it comes to how internet users keep track of their passwords. Within every major demographic group, a majority says that memorization is the password management technique they rely on the most – and the differences that do exist on this subject tend to be relatively modest. For instance, those under the age of 50 are more likely than those ages 50 and older to primarily memorize their online passwords (72% vs. 55%), while older users are more likely to say they primarily write their passwords down on a piece of paper (27% vs. 13%). But otherwise, users of all ages manage their online passwords using largely similar approaches.

Those under the age of 50 are especially likely to indicate that their online passwords are very similar to one another: 45% of internet users ages 18 to 49 say this, compared with 32% of those ages 50 and older. And younger adults are especially likely to share their passwords with others: 56% of 18- to 29-year-old internet users have done so.


But then there’s this:


Many sites rely on individuals to choose strong passwords as the first line of defense for their online accounts, but there are other technologies that aim to improve – or in some cases replace – the password itself. The first of these techniques is known as “multifactor” or “two-factor” authentication. The “factors” are typically something the user knows (such as a password) plus something the user possesses (like a code sent to their smartphone). Nearly half of internet users (52%) say that they use this type of multifactor authentication on at least one of their online accounts.


I’m amazed that half of users use 2FA at all. I’d have thought the figure would be far smaller.

Prices for fake news campaigns revealed • BBC News


In its report, Trend Micro looked at Russian, Chinese, Middle Eastern and English language sites offering all kinds of services based around manipulating social media, search engines and news organisations.

The services on offer included:
• Creating celebrities
• Sparking social unrest including demonstrations
• Discrediting journalists
• Putting sustained pressure on elections or political parties

Some of the services profiled gave very detailed breakdowns of what could be done to influence political debate or manipulate the media.

The $50,000 (£39,000) cost of discrediting a journalist involved fake news stories contradicting the target’s articles promoted via paid upvotes, likes, retweets and comments. It also involved tens of thousands of bots swamping a target’s Twitter feed with malicious comments or posting strongly critical comments on stories.

“It’s never been easier to manipulate social media and other online platforms to affect and amplify public opinion,” said Trend Micro spokesman Bharat Mistry.

Key to making the campaigns work, said the report, was creating stories, posts and discussions that “pander to its audience’s ideologies”.


Cue jokes about “that much to discredit a journalist? I’ll do it myself” etc.

Advanced CIA firmware has been infecting Wi-Fi routers for years • Ars Technica

Dan Goodin:


Home routers from 10 manufacturers, including Linksys, DLink, and Belkin, can be turned into covert listening posts that allow the Central Intelligence Agency to monitor and manipulate incoming and outgoing traffic and infect connected devices. That’s according to secret documents posted Thursday by WikiLeaks.

CherryBlossom, as the implant is code-named, can be especially effective against targets using some D-Link-made DIR-130 and Linksys-manufactured WRT300N models because they can be remotely infected even when they use a strong administrative password. An exploit code-named Tomato can extract their passwords as long as a default feature known as universal plug and play remains on. Routers that are protected by a default or easily-guessed administrative password are, of course, trivial to infect. In all, documents say CherryBlossom runs on 25 router models, although it’s likely modifications would allow the implant to run on at least 100 more.


Not surprising in some ways: most routers run a stripped-down version of Linux and don’t get updated (especially against security hacks), so find a vulnerability and you’re pretty much guaranteed it will work for ages.

Apple’s Tim Cook on Donald Trump, the HomePod, and the Legacy of Steve Jobs • Bloomberg


Megan Murphy: You’ve talked a lot about augmented reality at the heart of the company’s future. How do you see AR moving forward?

Tim Cook: I think it is profound. I am so excited about it, I just want to yell out and scream. The first step in making it a mainstream kind of experience is to put it in the operating system. We’re building it into iOS 11, opening it to developers—and unleashing the creativity of millions of people. Even we can’t predict what’s going to come out.

There’s some things that you can already get a vision of. We’ve talked to IKEA, and they have 3D images of their furniture line. You’re talking about changing the whole experience of how you shop for, in this case, furniture and other objects that you can place around the home. You can take that idea and begin to think this is something that stretches from enterprise to consumer. There’s not a lot of things that do that.


He doesn’t see eye-to-eye – at all – with Trump; clearly he’s just going to work around him.

Global coal production sees biggest decline in history • TreeHugger

Sami Grover:


Global coal production fell by 6.2% last year. That’s the largest annual decline on record. Consumption was down, too, for the second year in a row, falling 1.7%.

Those are two big takeaways from this year’s just-released BP Statistical Review of Energy—a report whose launch press release is appropriately titled “Energy markets in transition.”

In many ways, we shouldn’t be surprised. From the UK’s first coal-free day since the Industrial Revolution to India halting coal plant production in the very near future, the bad news has been coming thick and fast for coal over the last few years. Indeed, the report shows that the shift away from coal is as decisive as it is widespread, with the UK consuming 52.5% less in 2016, the US dipping 8.8%, and China’s consumption dropping 1.6%, too.


These are big changes, and they’re likely to accelerate. Five years ago, people were expecting a boom in coal use.

Privacy watchdog launches investigation into data use during Brexit campaign • FT

Nicholas Megaw:


The UK’s data protection watchdog is launching a formal investigation into the use of personal data for political purposes, amid growing concerns about big data’s impact on recent elections including last year’s Brexit vote.

Elizabeth Denham, the information commissioner, said in a blog post published today that “it is important that there is greater and genuine transparency about the use of such techniques to ensure that people have control over their own data and the law is upheld”.

The Information Commissioner’s Office began “assessing” the risks data analytics pose under data protection laws in March, amid concerns including the reported role played by data analytics company Cambridge Analytica during the Brexit campaign.

The ICO has previously confirmed that it had “concerns” about the company’s reported use of personal data.

Cambridge Analytica, which counts Donald Trump’s chief strategist Steve Bannon as a former boardmember, has denied any wrongdoing. In March it said it is “completely compliant with UK and EU data law”.


Be interesting to see how long this takes, and how public its decision is.

The art of Defendo, or how to fight like a Canadian: ‘Destroy them. Don’t feel sorry for them’ • National Post

Joe O’Connor with the story of Bill Underwood, who created two western martial arts: “Combato” and “Defendo”. A story worth your time:


John Ferris was 15 years old, athletic and apprehensive, upon meeting Bill Underwood for the first time, at the old man’s self-defence academy in Toronto’s east end. Underwood was in a white undershirt, dress pants and stocking feet. He wore owlish glasses with black frames and looked like an 84-year-old Grandpa, with a stick-out belly, long arms and a kindly way. When he spoke, his accent betrayed his British roots, while his preference for tea — two bags to a cup — did not hint at any internal menace or capacity to cause grave bodily harm.

“Bill was a short old man,” Ferris recalls. “The first time I was introduced to him he came right over, and it was as if he wanted me to know that it didn’t matter that I was young — I still didn’t stand a chance against him. And then he put me down, hard and fast, and I remember saying, ‘Bill, that really hurts,’ and Bill said to me: ‘Don’t worry. Nothing is going to break.’”

So began Ferris’ stint as a human rag doll, with suitably flexible limbs and forgiving bones that an octogenarian, in glasses and an undershirt, would wrench and twist and throw about gymnasiums and church basements, demonstrating his craft.

“Bill was a showman,” Ferris says.

He was that, and more.



Errata, corrigenda and ai no corrida: none notified
