Posts Tagged ‘internet’

More Security Failures in the Intarwebz

by Walker Lindley

Friday, November 20th, 2009

Last summer, I brought you the story of how the Domain Name System (DNS) was under threat and how many of the world’s top tech companies were working together to solve it. Unfortunately, not everyone has updated the software on their servers to fix this flaw. While it’s not as big of a threat as it was last summer, it still poses a danger to the web. Almost a year ago, I explained a flaw in the encryption system that you use to securely connect to online banking sites and to safely purchase goods from Amazon, eBay, and many others. Today there’s more news about ways that encryption (https) can fail.


The new attack is what’s known as a “man in the middle” attack. What this means is that some evildoer, or someone who just wants your money, watches your network and waits for you to go to your bank’s website. When you do that, the evildoer inserts himself in the middle of the communication and can start adding to the information that’s going back and forth. This allows him to do all sorts of nasty stuff, from stealing your online banking information to tricking your browser into downloading malicious software onto your computer. Ideally, this is one of the things that the encryption is supposed to prevent. If all the communication between you and the server is protected with encryption, no one can insert themselves into your conversation. However, there is a flaw in the design of the protocol which allows this to happen at a crucial moment.


The flaw came to prominence a few weeks ago, but many researchers said that the flaw was so difficult to exploit that it wouldn’t be a serious security threat. Then, a few days ago, a Turkish student used the flaw to steal some user names and passwords for Twitter. Fear not, he was not being malicious, but simply proving to the security community that this is a serious flaw that needs to be taken seriously instead of simply being dismissed. Twitter has since made changes to prevent the same thing from happening again and industry groups have begun meetings to determine a more permanent fix for this problem. These meetings have been going on since September, but it’s unclear if a solution has been found yet. This, like the other security problems I’ve written about before, will be fixed soon, but it will take a long time for the fix to go into wide use. It’s also a reminder that even our best and brightest will make mistakes sometimes, with wide-ranging impacts on our economy and the way we communicate.


image by http://www.flickr.com/photos/23905174@N00/


OnLive? Come on

by Walker Lindley

Tuesday, April 21st, 2009

I think this qualifies as old news at this point, but I wanted to talk about it anyway. Back in March was the Game Developers Conference (GDC for short) in California. It’s a week-long event that showcases the state of the art in game development. People come from all over the world to hear the best in the industry explain how they’re doing all the cool stuff they do. It’s also a chance for companies to recruit new employees and show off new games and technology. There were a lot of cool and not-so-cool things that came out of GDC this year, but one that got a lot of attention is OnLive. OnLive is a service where you buy games that run on the company’s servers. You have a controller at home and the button presses get sent to the server. The server does all the hard work that your computer or Xbox usually does and then sends the video back to you, kind of like YouTube. The idea is that it will allow people to play the newest games without shelling out big bucks for a high-end computer. Plus it would eliminate piracy in games because they all run server side.


This isn’t an impossible dream and it’s something that I think is likely to happen eventually. However, several other companies have tried this in the past and failed pretty badly. There are 3 big hurdles that I see standing in the way this time just like they have in the past: attracting publishers, latency, and bandwidth.


The play experience (see latency and bandwidth below) has to be good before many publishers will sign up to release their games on the service. It’ll also be a hard sell to publishers before many gamers sign up for the service and it’ll be a hard sell to the gamers before many publishers sign up. Most consoles make it past this chicken-and-egg problem, though, and I imagine OnLive can, too. As publishers get more concerned about piracy and gamers come out more and more vocally against DRM in their games, options like this will become more attractive to both sides as a good middle ground. OnLive currently has a lot of good press and appears to be much farther along than previous companies were. So I think they’ll have a much easier time selling themselves to gamers and publishers.


Now to the harder problems: latency and bandwidth. These are the two measures of the network connection you have at home. Think about sending a letter to a friend. Latency would be how long it takes for the letter to get from your house to their hands. Bandwidth, on the other hand, is how much you can jam into the envelope before it bursts open and the postal service rejects it. Your ISP (Comcast, Qwest, etc.) usually advertises its bandwidth, not its latency. In this case, though, latency will be extremely important. If you have a connection with low latency (that is, it doesn’t take the letter very long to reach your friend) then it’ll be similar to playing on your own computer. High latency, though, will mean that there could be a long delay between when you press the button and when the server notices that you pressed the button. In a fast, action-packed game, reaction time can be very important and high latency will really mess that up. Similarly, bandwidth problems could cause the video coming back to be choppy, making it hard to figure out what’s going on or what you need to do to make it to the next level. These are not insurmountable problems, but the Internet backbone in America just isn’t likely to be up to the task of doing this. OnLive will have to have large servers in every major city and in most smaller cities to make this even begin to work. And, of course, it will only be available to people with fast Internet connections (6 Mbps or more) which are often hard to find away from heavily populated areas. Most other industrialized nations have much better network infrastructure than we do, so OnLive would probably do fine there. Here in America, though, it’s going to be rough at best.


OnLive managed to capture some lightning in their bottle this year at GDC. They got a lot of attention and became somewhat of a media darling. They still have a lot of work to do, though, before their service is ready for consumers. Given the long history of similar failures, though, I’m going to believe this one when I see it.


For full disclosure: I hear that a couple of the people who founded OnLive used to work for the company that owns the company I work for. I’m sure they’re nice folks, but I’ve never met them and don’t even know their names. So feel free to take what I’ve said with a grain of salt (pepper is also allowed) if you’d like to.


Craigslist Fraud

by Walid Zafar

Monday, November 17th, 2008

The Internet provides us with many things. It allows us ample opportunity and a myriad of channels through which we can communicate with friends and family, find out about local events, organize meetings, stream our favorite shows, listen to NPR, learn a new language, explore a new place, share gift ideas and purchase almost anything our hearts desire. More importantly, the internet offers us a great degree of anonymity, the attendant consequence of which is the ability to develop alternate personalities and interact with the global community in whatever shape or form we so choose. Unfortunately, in the realm of e-commerce, the lack of structure and the fluidity of the net also make it easier to cheat, steal, embezzle and destroy lives.


My friend recently received a new iPod Touch as a gift from her brother. Content with the older yet still operational model she already had, and looking ahead to purchasing a new camera in order to develop and expand her new-found affinity for photography, she decided to put her gift on the popular Craigslist site. The following is one variant of the myriad of questionable solicitations she received. To do justice to absurdity, all errors have been kept intact.


Hello
I am very glad to hear back from you. I am a University Senior lecturer residing in brooklyn ,N.Y. I came across this ad on Craigslist and thinking of my Son’s Birthday coming up, I would love to get an awesome present for him, which he really wants, he was currently transferred from Us to West Africa with his team on a research on Human development under world Health Organization.I’ll be paying you through Paypal,it’s secure and protects two parties in a transaction. I will forward my son’s residential address to you for shipping as soon as the payment reaches you. Please kindly get back to me ASAP,so that i can make the payment there.

 

NB: I will be paying you $520 for item and i will include $ 130 to cover up the cost price for the shipping fee. Get back to me with your paypal email asap.

Regard,


Most people, and luckily my friend included, can see the obvious scam being perpetrated. However, this is a multibillion-dollar industry precisely because unwitting victims do not take precautions to protect their identity or their pocketbook. While it is often a good idea to avoid absolutes and do away with broad brush strokes, most of these Internet scams originate from West Africa, and more specifically, Nigeria (most of the available literature focuses on Nigeria, but I’d like to note that I recently received a solicitation from Bolivia). The scam above seems obvious because the buyer is willing to pay far more than the price of the item. The Internet is replete with criminals patiently waiting for any opportunity to steal your information. In fact, there are entire websites dedicated to selling fake/stolen credit card numbers.


However, it should be made clear that financial identity fraud can be fought from both directions. Just as the onus is on consumers/buyers to protect their personal information, it is equally important for retailers/sellers to be vigilant against this sort of fraud. For one, most retailers will not ship internationally. For example, if I were staying in Ghana and wanted to buy a new computer so that I could blog for The Melon, Apple would not complete my transaction. They would refuse to ship to Ghana.


Here’s how criminals get around these restrictions, and notice how the gentleman who wrote my friend uses a variant of this technique to get his paws on this iPod, which he ultimately fails to do. Let’s say now that I am in Lagos, Nigeria and I have possession of a fake credit card. Impressed with the clothing on the newly formed Melon Store, and knowing how much my children want to wear Melon gear, I use the credit card to make purchase orders. Now, as a precaution against fraud, The Melon store will not ship a sweatshirt to Lagos. What to do?


Find an unsuspecting American to send it to me, of course. Here is where it gets even more sinister. If I want to be successful in my criminality, I need to find a lonely yet hopeless romantic, preferably through a chat site. (With the explosion of social networking sites, the opportunities here are endless.) Let’s say that I meet a very nice middle-aged woman named Kathy who lives in Lincoln, Nebraska. Kathy is lonely and more generally, a very trusting person. I meet her online, and with the fake persona that I have created, I write sweet nothings to her on a daily basis. As our relationship develops, I even promise to marry Kathy eventually.


Essentially, I get it to the point where Kathy is willingly yet unknowingly being used as a pawn in my scheme to get Melon gear. After I communicate with her and get her in my snare, I make purchases and have them shipped to Lincoln. Once there, Kathy then uses her own funds to send the clothing to Lagos and of course, given that I have wooed her with promises of marriage, she pays for it out of pocket.


My aberrant behavior aside, I end up with the gear, my children are ecstatically and rightfully happy with their new fashionable Melon gear, Kathy is still lonely but has now spent thousands of dollars she does not have in the hopes of finding love, and the poor person whose identity and credit card were stolen pays the ultimate price. It happens daily, even hourly, and it is not just the elderly or the rationally comatose that fall victim to this. We are all either victims or potential victims.





“Digital” Ethnography – The Study of Internet Culture

by Joe La Sac

Tuesday, September 23rd, 2008

Digital Ethnography is a study, an anthropological discipline. Professor Wesch (blog) at Kansas State University has a team of students every year study the internet and its new trends. I tend to think academics are generally behind the major trends, not participating in them or generating them. But one of KSU’s methodological principles is known as “participant observation”, whereby the observer-academics take part themselves in the trends that shape online culture. Sometimes, as Prof. Wesch’s very viral 2007 YouTube video demonstrated to the world, the academics can become an internet phenomenon themselves.



Internet Catastrophe Narrowly Averted

by Walker Lindley

Thursday, July 24th, 2008

A major Internet catastrophe was narrowly averted recently through the combined efforts of security researchers and large companies like Cisco and Microsoft. Not all the details of the problem have been released yet and those that have are rather esoteric, but I’ll do my best to explain them in layman’s terms. Also, before I get started, I want to do something I don’t do often: thank Microsoft for showing strong leadership on this and providing resources to ensure that the problem got fixed for everyone. So if you’re interested in hearing an exciting story about a race to save the Internet, read on!



Firefox 3 launched today

by Walker Lindley

Tuesday, June 17th, 2008

Today marks the launch of the latest and greatest version of the best web browser out there, Firefox. It has a new look and lots of great new features, so head over to their site and grab yourself a copy!



Funny Melon Interviews From Tacoma Mall Protest

by Joe La Sac

Sunday, March 16th, 2008

Alas, a less-funny article in order to fill you in:

Tacoma anti-war activists appear to have successfully “shut down” the military recruiting center at the Tacoma Mall for the day, March 15th 2008. The action marked the 5th anniversary of the invasion of Iraq in 2003, which is officially on Wednesday, March 19th. According to the Answer Coalition, a group which organizes national protests, that will be a “day of mass-resistance” in major US cities.
