Oblomovka

2002-09-10»

Within a few hours of posting the correction to ZDNet's article on drive-by spamming, Adrian Wright, the original misquoted expert, e-mailed me. "Saw your comments on Oblomovka. Not exactly professional behaviour for a Sunday Times stringer", he wrote. I asked him what he thought was unprofessional. As yet he hasn't replied.

Meanwhile, the original misquote is already beginning to spread. News sources like ZDNet are seen as authoritative sources online and off. From miscellaneous Slashdot posters to Professor Ed Felten, there are now people who cite the piece as proof that there are recorded instances of drive-by spamming.

As far as I know - and more importantly, as far as Adrian Wright, the original source, knows, there exists no such evidence. The lead to the story, "'Warspammers' are taking advantage of unprotected wireless LANs to send out millions of junk emails" is simply not true.

Terry Schmidt, of NYC Wireless wrote independently to the ZDNet UK journalist, Graeme Wearden, asking in the light of the new comments by Adrian, admitting that he'd never seen a case of drive-by spamming in real life, ZDNet would correct the original story. Here's what Graeme wrote:

I asked Wright if he would like me to change anything in my story - he didn't.

I think that's because, even if he did say 'could happen' rather than 'is happening' (and sitting in the middle of that audience, I thought he was discussing something that is taking place, and that's what I wrote down), Wright thinks it very likely that drive-by hacking is occuring.

That looks like the truth. But it's very different from the original story. That article - still being spread, still being read - continues to mislead people into believing drive-by spamming is happening right now, and that Adrian Wright had seen it happen.

Misinformation like this has consequences. It encourages people to believe that having an open network is an uncivil thing to do; that they should cower in fear at the spammers stalking the streets, looking for outlets. It encourages people to believe that the only solution to their fear, uncertainty and doubt is to to hire security consultants with experience of this rampant menace. And the more the original misleading article sits there, the further the misinformation spreads.

This seems to be the opposite of what a journalist should do; and the opposite of what a security consultant is paid to advise. I'm not sure who is to blame here: but if anyone is being unprofessional, I don't think it's me.

2002-09-06»

Quote from Adrian Wright, the expert "quoted" in a ZD Net story which claimed spammers were using open WiFi points to send "millions" of unsoliticed e-mails :

It seems I've been everso slightly misquoted in that I actually said 'could' in this presentation. i.e. "These people COULD simply drive up to a building armed with their... Apart from that it looks like a good story!

Although I know of no hard evidence that this practice of wireless drive-by spamming is taking place, I would be surprised if it was not happening - given the increasing difficulties spammers face in retaining legitimate ISP access - within the more developed nations anyway.

My emphasis. In other words, "drive-by spamming" is still a something that some people endlessly predict will happen if you leave your AP insecure, but of which no record exists in the wild.

Adrian also said that drive-by spamming had been covered many times (true) and ZDNet was one of the most prominent new sources documenting the existence of this practice. Wait - you're using as an authority the very organisation who completely misquoted you? On the same topic? Is that wise?

2002-09-05»

Hmm. C|Net ZDNet UK is reporting that "millions of mails" are being sent by people who pull up to open wifi networks, and use them to anonymously spam.

Okay, I'm suspicious. Spamming through open networks was always a theoretical possibility (indeed, I remember people referring to drive-by spamming almost as early as wardriving was coined), but I've never heard of it happening in the wild. I've just left a message with Adrian Wright, the British security expert quoted in the article, to see if he has any concrete cases. I suspect either either he's pulling the examples out of his imaginary analyst hat, or he's been misquoted.

2002-09-04»

I'm not sure, but I think Americans believe more fervently in the saving grace of the almighty Law than the British. I occasionally reel off dozens of fantastically repressive UK laws (including the one that forbids gatherings that include "the emission of a succession of repetitive beats") to looks of perfect horror here. Then I end it all by saying "Of course, no one pays any attention! Ahahaha!", and watch everybody fall off their seats. In the US, there's a background buzz that nothing keeps your neighbour in check but the letter of the law and the iron force of the Constitution. Gotta keep the rule of law, or society will collapse in a hail of gunfire, trespassing, double-parking and moider. There's no pity for those who break the law. In Britain it's much more "Okay do what you want - but try not to get caught, alright?"

I've grown far more sympathetic to the American line over time, but I've never seen anyone state the alternative position quite as elegantly D² Digest. Bit too elegantly, in fact. If you read his work - including the entry on why Lessig is too damn sincere, and why drug laws don't work, and why we should keep them - you could conclude that they're the careful posings of a Economista Angry Young Arse. Not surprising - if you're going to insist that bad laws can have good effects (or Antinomialism, as he calls it), it always helps to be nice young Oxonian who can probably talk your way out of a tight corner with a Christchurch-educated judge when the need arises. But at least he's not a libertarian Angry Young Arse, right?

2002-09-03»

"Kinda public beta": official RSS feeds of the BBC News site.

RSS feed of the front page
RSS feed of technology news
RSS feed of UK news
RSS feed of World news

Aha! Mozilla 1.1 supports LINK tags out of the box - try clicking on the "View..." menu option then "Show/Hide", "Site Navigation Bar", and finally "Show Only As Needed". On sites that support it, a little mini-toolbar of navigation links will pop up at the top of the browser window whenever Mozilla spots them. You can also discover which sites have RSS feeds, thanks to Mark's RSS link suggestion (they'll be hiding under the "More" folder).

This feature's been in Mozilla builds for a while, but they never had any GUI options for it because slowed down page loads. I wonder if that's fixed? I'm still not sure I like it - ironically Mark's addition means that it pops up on more sites than it's really useful. In those cases it does eat a fair bit of real estate, and is a bit of a distraction.

Stuck for what to say on your livejournal today? Just enter "girlfriend" into the automatic journal entry generator. Also available in Polish.

Even though she seemed much better she still wasnt sure how much longer shed be around-and this was something that we were all aware of but didnt dwell on. She has the gift of making you love her even though she drives you totally batshit :> It was totally cool to be able to provide so much pleasure even though im just lying there and enjoying the feeling and the show ;> Its pretty sad that this is the only way i seem to be able to get along with my supervisors... Everytime i try to get along with him he does or says something to piss me off. Nice boy and im glad he and jo are such good friends but we differ in too many ways to get along. You amaze me and im glad were both on the same level! Some are on the same page as my good ones.