I ran into an interesting, and troubling, situation today where some folks I know received an email informing them that their domain was being used in a DDoS attack on a website in Australia.
The really weird things was that the website listed in the complaint email was one they had never heard of.
At first glance, it appeared to be some kind of fishing email. But, upon digging further it turned out that the domain the complaint named was indeed listed under the address and phone number of my associates for technical, organization, and billing contacts. Only the email address was different (clearly a one-off yahoo mail address).
Someone had lifted the contact information of my associates from, either one of their legitimate domain registrations, or from their corporate site and used it to register a domain at Yahoo! Domains. The domain was then used in a DDoS attack and the blame (at least initially) fell on my associates.
There is no reason that whoever was behind this could not have inserted my associates corporate email too, leaving no trail at all (especially if they uses a stolen credit card number for the transaction, as I suspect they did).
With enough domains falsely registered under a single company's contact info, not only could a DDoS service be launched, but the spoofed company could end up spending a tremendous amount of time clearing their name and getting rid of the spoofed domain registrations. A double DDoS. One virtual. One real.
I have to admit, I'm actually surprised I haven't heard about this being a widespread problem...it certainly seems like it could easily and quickly become one.
I must give a plug for Yahoo here ...once contacted they quickly shut down and canceled the domain and promised to investigate further.
For the past two days ads have been popping up all of the interwebs, on TV and (reportedly) in print for some new series called Scarlet. Check out the website and trailer. The Web site is very high quality, the ads are on expensive sites (Yahoo, Gizmodo, others), the video is of good production quality and shows up in the usual places, and they list decent actors (Natassia Malthe) and a good director (David Nutter).
Yet the voiceover and actual shots are super cheesey and over the top, it lacks most of the critical details (no network listed), and the trailer scenes seem to make no sense at all (not in a mysterious way - just in a thrown togather randomly way).
It is so obviously a fake or spoof that I have to assume it's a viral ad for something. What amazes me is that no one has leaked what it's for. Despite it's cheese factor, I think it;s going to work. I can't wait to find out who's behind it and whether a (seemingly) large amount of cash and a good lid on leaks can generate guaranteed buzz. I think it can...
I have run into more than a few legal puzzels in my time that would be completely straightforward...until "the Internet" is dropped into the mix.
One that crossed my mind recently is the legality of recording phone calls when using GrandCentral.
Normally, as long as one party to the calls knows about the recording it is legal (so if one of the parties initiates the recording, notification is defacto). This is the federal statutory requirment, and the requirment of most states.
However, some states require both parties to be notified (which is why you get the message about recording for "quality assurance" purposes during many business calls). California is one of these states.
Now, lets say I use an internet based phone system like GrandCentral (a Google beta service) and my GrandCentral Number is a California area code. Anyone who is calling me would assume they are calling California and that California rules would apply. But, GrandCentral has a recording function that works just fine without notification, even calling a California number. And, in fact, the call may never be completed anywhere near California. It gets handled by GrandCentral and may ring my mobile (or landline) phone anywhere in the world. Maybe I take the call in Alaska (no two party notification requirement). Am I breaking California law if I record it? What if I take the call in Singapore where I could go to jail for recording...? But, of course, the actual recording is taking place at a Google facility - who knows where? Maybe the facility is in California (breaking the law?). Maybe it's in New York (no two party requirment - so is it legal?). Who the heck knows? Nobody...that's who.
We can toss this on the heap of stuff that will not be decided without a test case in every state and every Federal district.
It also would make a good addition to the Internet law book I'll never write.
I used to use a great plugin for Outlook called "Lookout" that handled the indexing of my email and files (local and network).
It did super fast searches, used very little resources, and was free. It was a Microsoft beta program and was only around for a few years. They got rid of it when they incorporated search into Vista.
The problem with Vista's search (as well as Google desktop search) is that when the file set get large (3+GB email and 100GB's of files) it uses up a ton of resources and slows things down to an unacceptable degree. Neither MS or Google desktop search is all that standout on indexing network files either.
Man, how I miss Lookout!
That why I was so excited to read in TechCrunch about a new indexer (and much more) called Xobni ("inbox" backwards - oh how these email search apps like the backwords spelling!), now in beta and about to be aquired by Microsoft. It looks like a lightning fast indexer, with catogorization, meta data, threaded discussions, and web-lookup thrown in.
Oh, how I want this!!!
I'm hoping to start the beta soon!
Our agency has a great new communications channel devoted to our e-Strategy online practice. David Erickson, our very own in-house SEO maestro, online communications guru and fellow e-Strategy Director, put it to gather to illuminate new thinking in online communication and marketing, and to showcase the stellar talent and services we bring to bear on behalf of our clients every day.
Check it out today - and keep checking it out day after day! (Heck, add it as a feed now!)
Plus - it's getting me back into my blogging groove. Go blogging groove!!! Go!!!
Wikiscanner has been getting a ton of attention lately. With articles cropping up all over the place detailing editing "abuses" by corporations, the government and PR firms. When you look over these articles or, perish the thought, actually use wikiscanner yourself, you end up finding that abuse is fairly rare. Most cases of changing articles are factual in nature.
However, there seems to be a very vocal group of folks who think that any change in wikipedia information by a corporations/government agency or a public relations firm is taboo.
I think this is crazy!
Wikipedia is about creating the most expansive base of factual knowledge possible. The plain fact is that, often times the people with the most depth of knowledge on a topic are people who work at - or work for - the entity that the facts describe.
If you want to exclude information about the CIA just because it comes from a CIA employee you will possibly exclude the most accurate and timely information. The same is true about a General Motors product being described by a GM employee, or a James Blunt entry being edited by James Blunt's PR agency.
I have no problem with full disclosure. Editors should let folks know their background in their profile. And this is especially true if they have a connection to the topics they are editing. And people should not be entering opinion, or "edited backstory" about their corporation/agency/clients. But facts should not be excluded from them based on thier emplyer. In reality, facts should be demanded of them.
To decry editing from classes of people that may have usful information to add should be considered antithetical to wikipedia's mission. To claim otherwise is to lock up knowlege based purely on ad hominem grounds. And that's a ridiculous waste.
I recently had the following scenario related to me by a good friend of mine: Someone sent out at our company yesterday a broadcast e-mail to everyone in the corporation asking if they had a recommendation for a specific situation. It happens occasionally. Someone else replied to all with a specific suggestion. She should have replied only to the sender, but not a big deal. Then someone else replied to all asking to be removed from this list (possibly facetiously, possibly not). Oh, my, the results were entertaining. In the end, more than 75 e-mails were sent to everyone in the company, each one a variation of: Their IT guy estimated approximately a half a million e-mails were generated internally. My friend estimated that, even if each email took only 1 second for people to look at and delete, there were still 17 working days lost cumulatively to this email chain. It really underscores how modern tools - in this case email - aren’t always all that modern anymore and are, at least in some cases, not even the right tools for the job... Imagine if employees had specific spaces on their corporate intranets where teams could outline problems with members who would likely have the knowledge and background to solve them. Imagine if employees could post a request for information in a common area devoted to the kind of knowledge they were seeking. Then other employee, who had something useful to contribute to solving the problem, could discuss the situation in a threaded discussion. Imagine if solutions could be presented in these spaces in a format that could be easily tagged, searched for, and even modified in the future as others refined the processes and added to the base of knowledge. But, of course, no imagination is really necessary. All these tools exist - and a few forward thinking companies have already implemented them. Now all those companies need are enough forward thinking employees to really make them work. Much has been made about the Web 2.0 revolution and the rapid rise of social media over the last two years. And, while the public social-media-scape makes general social relationships easier to form and maintain (and will surely generate some new Web-billionaires in the process), the real economic promise of the Web 2.0 revolution is going to come from within corporations. I truly believe internal social collaboration and sharing is the next big productivity step about to be taken by companies that rely on knowledge workers. The key, of course, is to get those knowledge workers to “get it” and contribute their private-knowledge base into the whole public-knowledge base of a corporation where it can mix with other’s contributions creating a “force-multiplying” effect. Employees need to realize that the old adage about money is now just as true about time…It takes time to make time. A little time spent by a few folks on an internal social-media site (perhaps a blog, wiki or discussion group) would have saved a company 17 days of worker productivity. Imagine the bright future for the first few companies with employees who really get that!
Webware had an interesting article on whether to go with Twitter or Pownce for your nanoblogging* needs.
The article's obvious answer was "whatever service all your friends are on". Which makes a lot of sense.
For me, the obvious answer was Twitter - because I'm only going to update it frequently if I can text in my updates.
But then author Rafe Needleman hits me with the big gun, and realization dawns...
"...give Pownce a serious look, especially if you're thinking of using it in a work setting. With Pownce, you can easily set up a group of contacts, and use the service to keep co-workers up to date on what you're doing as well as the latest versions of documents you're working on. Also in Pownce, replies to particular nanoblog entries are easily tracked in their own threads, on their own pages. If something you write starts a discussion, it's much easier to keep track of what people are saying than it is on Twitter. Again, this is a great feature for business users."
Pownce is a business tool!!!
Agency wide info...No Problem! Team updates...No Problem! Place-independant access to working documents...Again, no Problamo!
And so now, it all makes sense to me (it might even make the IM clamor-crowd happy! Mmmmm...).
(Now we just need the agency Facebook up and we'll really have some crazy integration!)
*Twitter/Powce/jaiku = "Nanoblogs". Well coined, mystery word coining person!
Earlier this morning I was thinking about the "Digg Riot" that happened last night. Digg executives received a cease and desist letter from lawyers from AACS (the HD-DVD DRM encryption folks) asking Digg to remove items refencing decryption keys. And, fearing they would be sued out of existence, Digg complied. The reaction to Digg removing the initial messages and then removing additional messages critical of the initial deletion was swift and massive, flooding Digg's front page with user promoted items containing the encryption keys and trashing Digg's decision.
At first I was fascinated by how quickly the fortunes of a popular social media site were shifted through action taken by the very people that made up its social group. That in itself would have been fodder for me declaiming on and on for a good week. But, what really struck me was the way Digg founder Kevin Rose reacted the the riot:
"We had to make a call, and in our desire to avoid a scenario where Digg would be interrupted or shut down, we decided to comply and remove the stories with the code," he wrote. "But now, after seeing hundreds of stories and reading thousands of comments, you've made it clear. You'd rather see Digg go down fighting than bow down to a bigger company. We hear you, and effective immediately we won't delete stories or comments containing the code and will deal with whatever the consequences might be. If we lose, then what the hell, at least we died trying."
It was a brilliant PR move (at least as of 2:30am the next day). It could not have been planned better (hmmmmm...?).
Think about it...
-
Digg relies solely on its user's to promote items appearing elsewhere on the web. Its business model is 100% reliant on its user's actions. If enough of its users act in concert (and DRM seems enough to initiate such mass action) they can cause Digg to display whatever they want.
-
Digg can never truly eliminate the publication of AACS keys, because users can keep adding them. Digg can only react after the fact.
-
Digg cannot control the masses flooding the site with anti-Digg items, if the masses are angry enough to do it. The Digg community could keep this up as long as they wanted to. There was no way they could win against a backlash and still keep a profitable company going.
-
There was nothing worse the AACS lawyers could do to their business then what the Digg community itself could do.
But, with Kevin Rose's post the situation clears up considerably...
-
Digg looks very responsive to their users. Responsive to the point of seemingly (maybe really) risking thier business. They solidify loyalty
-
If the AACS lawyers do come after them Digg has already framed the fight as David versus Goliath ("You'd rather see Digg go down fighting than bow down to a bigger company."). And the odds of that are exceedingly slim anyway. With hindsight they could see that thousands of other sites were in the same boat legally and Digg had no additional liability that would make them a more attractive target. In fact, there has been little case law on this topic and the publication of the keys may not, in itself, be found in violation of the DMCA since there are legitimate non-infringing uses of the keys (including uses that fall under LoC exemptions to the DMCA).
-
Digg's users quickly went back to digging the same sort of stuff they did before (gas prices, calls for impeachment, and gladiator graveyards). The riot ended, and almost all of the DRM stuff and AACS keys end up off the main page.
-
The stuff Digg pulled from the site before never came back. Without new diggs it didnot end up restored.
-
Digg (and Kevin) come up looking like roses to the people who will make their business work (or fail) in the future.
-
They take only a very minor legal risk to do it.
Brilliant!
I heard the greatest term in a business meeting the other day...
"Zeus Jones!"
Apperently it means an unusual juxtaposition.
Like, "Wow, seeing Tommy Chong and John Ashcroft having dinner togather last night was so Zeus Jones!"
Recent Comments
-
seabassdesigns said:
It's a viral ad for the Scarlet video camcorder. Go to www.red.com. There are two items of focus, the RED... read more
on What the heck is Scarlet...? -
Likescookies said:
Oh, and I know this isn't really the point of the story, but the math in the posting may be... read more
on The Perils of Corporate Email -
Likescookies said:
The trick (a trick, anyway) with knowledge management is that it has to be designed in a way that will... read more
on The Perils of Corporate Email -
perfectporridge said:
[this is good]Thanks for moderating, Pat! Was definitely a fun panel! -G. read more
on Journalism and the Effect of Emerging Technology
Turns out it's not actually a viral ad for the Scarlet RED camera (which is something I have actually been... read more
on What the heck is Scarlet...?