Whenever somebody comes up with a new business idea involving social media it’s usually time to cover your private parts. To the extent that you can. Take this idea from Hong Kong-based microlending startup Lenddo as described in this article in The Observer.

[Lenddo] calls itself “the first credit scoring service that uses your online social network to assess credit.” The first thing Lenddo asks for is a Facebook account; then it wants access to Gmail, Twitter, Yahoo, and Windows Live. The Observer was given a respectable score of 470. But when we tried to apply for a loan, we were told “you need at least 3 connections with scores above 400 in your Lenddo trusted network.”

The company’s algorithm is proprietary and secret, said CEO Jeff Stewart, but the primary metric is what Lenddo knows about the people you’re friends with. “We think that in the age of the internet you should be able to establish your reputation and your identity through your social graph, through your on- and offline community, and use that to get access to financial products and information,” he said.

If Lenddo sees one of your best Facebook buddies took out a loan and paid it back, there’s a good chance you will too. “Our backgrounds are in machine learning and pattern recognition,” Mr. Stewart said. “It’s some serious math.

“There’s no reason there shouldn’t be thousands of engineers working to assess creditworthiness.”

I should note here that I too have a background in machine learning and pattern recognition but would hardly summarize it as “some serious math” except maybe to US GOP Presidential nominee hopefuls to whom addition is apparently an arcane art, but I digress…

Marketing hype aside, this simply checks to see if your Facebook “friends” are creditworthy and makes the unwarranted leap that you are like them with respect to creditworthiness. Problem with that idea is when you have “friends” with completely fictional profiles on social media sites. Like say me (when I was on Facebook) or Nitrozac and Snaggy. If you had friended me on Facebook, services like Lenddo might conclude (not without basis) that you were a total wackjob. Seriously though, there is a very ugly side to this social credit rating business.

In another nifty but nefarious innovation, Lenddo reserves the right to broadcast your loan status if you fall into default. As the site warns: “Failure to repay will negatively impact your Lenddo score, as well as the score of your Lenddo friends. Lenddo MAINTAINS THE RIGHT TO NOTIFY YOUR FRIENDS, FAMILY AND COMMUNITY if the borrower fails to repay, however, this is only done after several notifications to the borrower and an attempt to work out a payment plan.”

“I think Mark Zuckerberg said it best,” Mr. Stewart said. “Every industry will be in fact impacted by social.”

Banks have been curious about using social media to gauge risk for at least a year, said Matt Thomson, VP of platform at Klout, which calculates “influence” based on a user’s social media activity. Determining creditworthiness is not a core product of Klout’s, he said, but banks have approached the startup to ask about it. He wouldn’t name names. “It’s really like the who’s who of banking,” he said.

(Mr. Stewart of Lenddo also said his startup is approached “regularly” by major banks curious about the algorithm.)

So let me get this straight: the same weasels who trashed the global economy with financial instruments that institutionalized fraudulent and unsecured (except by other equally dodgy financial instruments like credit default swaps) mortgages are now using the fact that everyone knows – or is – someone who was victimized in this debacle to further victimize people?

This time I’m not even going through the pretense of some imaginary conversation about privacy being dead, I’ll just throw out this quote and leave it at that.

Media theorist Douglas Rushkoff dismissed the idea that social media credit scoring is a serious erosion of privacy, mostly because there’s nothing left to hide. “We’re already in the nightmare scenario,” he wrote in an email. “They already know everything about you—more than most of us realize. If anything, the addition of social networking information to this data mining will help us come to some understanding of how much more these companies know about us than we know about ourselves.”

And there you have it folks from the lips (or keyboard) of a bona fide Media theorist – social media credit scoring doesn’t invade your privacy because you have no privacy to invade. So if you are still on Facebook you might as well just bend over. Again. Or quit being a tool. I’m just saying.

So thank you for showing me,
That best friends can not be trusted,
And thank you for lying to me,
Your friendship and good times we had you can have them back.
From Thank You by Simple Plan

In 2009, the first year of this blog, in honor of Thanksgiving here in the USA I posted an entry about some things I would have been thankful for in 2009. If they were even remotely true. I’m a collector and, dare I say connoisseur, of Nigerian 419 style phishing messages. Since then it’s become an annual event. So without further ado, here is a sampling of my favorites from 2011. The things I’m thankful for.

I am thankful that the Nigerian Government has finally recognized their negligence and are going to help me get my rightful inheritance at last.

—————————————-ICPC NIGERIA ( An Anti-Fraud Unit)
………………………………we fight against fraud, funds delay and impersonation.
—————————————–Head Office: Plot 802, Constitution Avenue

 A LETTER OF COMPENSATION/SETTLEMENT.

 This letter will definitely be amazing to you because of its realistic value.

Sorry for the inconveniences that was rendered to you in your line of Inheritance Payment transaction with some impersonators some while ago.
I know that this letter will hit you by surprise, but firstly I will like to introduce myself; I am (Mr Emmanuel Ayoola ) the Legal chairman of “ICPC”, (Nigeria’s Anti-Fraud Unit).

On the 1st of October  2000 the former President of The Federal Republic of Nigeria (Chief Olusegun Obasanjo) introduced a Commission named the “ICPC”, (Nigeria’s Anti-Fraud Unit) which is duly registered under the United Nations (U.N.O). Secondly, we are mandated by the United States Government to Settle foreign indebted beneficiaries to satisfactory in other to maintain peace in the world at large and also to create a good relationship with the international bodies.

You are being contacted by this office today because your Case data is the very first File on our Settlement Files Cabinet. From our Intelligent investigations and Probing processes we discovered that you are a victim of  delay.
The “ICPC”, is faithfully under my governance as the Legal Chairman of the great Commission and to this Authority I took an oath of allegiance to settle all victims peacefully.
This Memorandum is to notify you that you will be settled by the Nig Govt from our initial Deposit. Your settlement will be actualized within  three working days after your response to this Official Letter.

I was definitely amazed because of the realistic value. And any organization with the motto we fight against fraud, funds delay and impersonation just has to be legit, right? Although I am worried by the address of the Head Office, Plot 802, Constitution Avenue. Sounds like a cemetery.

I am thankful that the FBI is willing to assist me in transferring my funds from the Central Bank of Nigeria which they discovered through attempting to wiretap the internet.

ATTENTION: BENEFICIARY
FROM: ROBERT MUELLER III EXECUTIVE DIRECTOR FBI FEDERAL BUREAU OF INVESTIGATION WASHINGTON DC.

FBI SEEKING TO WIRETAP INTERNET
The federal bureau of investigation (FBI).Through our intelligence-monitoring network has discovered that the transaction that the bank contacted you previously was legal. Recently the fund has been legally approved to be paid via Central Bank of Nigeria. We the federal bureau of investigation (FBI) Washington Dc, in conjunction with the United Nations (UN) financial department have investigated through our monitoring network noting that your transaction with the Central Bank of Nigeria legal. You have the legitimate right to complete your transaction to claim your fund US$15.5,000,000.00(Fifteen million five Hundred Thousand united states dollars).

First Mr Emmanuel Ayoola finds my missing megabucks and then ROBERT MUELLER III EXECUTIVE DIRECTOR FBI contacts me directly to let me know it’s all legal. How sweet is that!

I am thankful for 22-year-old princesses from Burkina Faso who want not only a relationship but desire my help in investing large sums of money.

Dear Sir / Madam,
How are you today,I hope fine? I am a female student from University of Burkina-Faso, Ouagadougou. I am 22 yrs old. I will love to have a long-term relationship with you and to know more about you. I would like to build up a solid foundation with you in time coming if you can be able to help me in this transaction. Well, my father died earlier 1 year ago and left I and my junior brother behind. He was a king, which our town citizens titled him over sixteen years before his death.I was a princess to him and I am the only person who can take care of his wealth now because my junior brother is still young and my late mother is also late two years ago before the death of my Late father. He left the sum of )Twelve Million Five Hundred Thousand united state dollars ($12.5mUSD) in a Bank. This money was annually paid into my late fathers account from Gold Exploring companies operating in our locality for the compensation of youth and community development in our jurisdiction. I don’t know how and what I will do to invest this money somewhere in abroad, so that my father’s kindred will not take over what belongs to my father and our family, which they were planning to do without my present because I am a female as stated by our culture in the town.Now, I urgently need your humble assistance to move this money from the Bank of Africa to your bank account after which i come over to meet with you. and I strongly believe that by the grace of God, you will help me invest this money wisely. I am ready to pay 40% of the total amount to you if you help us in this transaction and another 10% interest of Annual After Income to you, for handling this transaction for us, which you will strongly have absolute control over. Please if you are interested to help me, then get back to me urgent so that I will give you more details including my picturs.
Yours sincerely,
Princess Ruki Yaya.

As much as I’d like to help Princess Ruki Yaya I’m concerned about the statement I am a female as stated by our culture in the town. I’m only interested in women who are female in all cultures everywhere.

I am thankful for dying rich guys who recognize my humanitarian fervor and want to leave me lots of money.

Subject: Dearest One,
Dearest One, Assalam Allekum, My name is Abul Kalam Azad. I am a dying man who have decided to Donate the sum of $18million dollars. to you for the good work of the Humanity. Please contact me via. Email: aazad@yahoo.cn for detailed information on this noble project of mine. Please note that I have WILLED $18m to you by quoting my personal reference number De/Jds/533/0068/HtrI/33ln/eg. So that i can confirm that you actually received my email notice to you. Wassalam and Regards, Abul Kalam Azad

While I appreciate the generous bequest, what’s up with that “Dearest One” stuff and the Yahoo! China email address?

I am thankful for dying rich women who recognize my humanitarian fervor and want to leave me lots of money.

Goodday,

My names are Mrs. Irene Cesarec. I was diagnosed of cancer about 2 years ago, and was receiving treatment for it, but now the doctors are saying I have a short time to live.   

When I was in better health, I never really cared for any body with no children of my own and a late husband I was a selfish and greedy person. I have decided to donate the sum of $10.8M to you, so you can disburse to charities, widows, orphans and less privileged. I was doing this myself but now my health has deteriorated, I wanted my relatives to do this for me but they only saw it as an opportunity to enrich themselves.

I will be going in for an operation soon, I want this last act of mine to be an offering unto God, perhaps he will have mercy on me. Please contact my lawyer with the below:

Quote my ref # : will/Wlaw/Pn/lr/93/ytx/ when responding.

I am sending him a copy of this message as well so he is aware of my intentions, Please use the funds well and always extend the good works to others.

Stay blessed,

Mrs. Irene Cesarec.

Whoa! It’s like deja vu. Sorry Abul but I’m going to have to go with Irene. Even though she’s only giving me $10.8M  she admits to being a selfish and greedy person. My kind of benefactor.

I am thankful for winning contests staged in places I’ve never been to promote products I don’t buy that I don’t recall entering.

TOYOTA MOTORS CORPORATION INTERNATIONAL PRIZE NOTIFICATION 2011 NEW CARS PROMOTION
We are pleased to inform you of the result of the just concluded annual final draws held on the 1ST OF January,2011 by Toyota Motor Company in conjunction with the Japan International Email Lottery Worldwide Promotion,your email address was among the 20 Lucky winners who won US$1,000,000.00 each on the Toyota Motors Company Email Promotion programme dated as stated above.This is from the total price of $20 million United State Dollars ($20,000,000.00usd)shared among the 20 lucky winners.

The online draws was conducted by a random selection of email addresses from an exclusive list of 35,031 E-mail addresses of individuals and corporate bodies picked by an advanced automated random computer search from the internet. However, no tickets were sold but all email addresses were assigned to different ticket numbers for representation and privacy to make sure the money reaches you.

Uh… Not sure I understand any of that or what it has to do with Toyota, but hey I’ll take the cool mil.

Since 2011 was a terrible year for employment I’m thankful that I’ve received so many guaranteed job offers like this one from a company that respects my awesome database management abilities.

Subject: Database Management Position

We have assessed your curriculum vitae and wish to introduce to you a job opportunity in clerical and administrative services at NHN Team. The ideal applicant must possess outstanding communication skills, be attentive to details, perfect reporting skills, responsible and able to work in a fast paced working environment.
The principal duties of the job include but are not limited to: recording orders for services and merchandise, compiling transaction records, compiling correspondence, performing basic bookkeeping and other clerical duties.
At NHN Group we provide an encouraging working environment. The position offers an attractive performance related commission. Flexible schedules, part time and full time available. If you are interested in entering an organization where contribution matters, please get back to work-dept@nhn-jobs.com and we will forward to you further information on this opportunity.
Best regards,
NHN Team

I’m not even sure what a curriculum vitae is but apparently mine indicates that I would be good at clerical and administrative services which is apparently database management.

On a more serious note there was a marked increase in the number of phony job offer phishing in 2011. I usually get several good ones per year, but in 2011 out of the 60 funny emails I saved, 37 of them – a whopping 62% – were phony job offers. Some were completely silly like the one above, but others were pretty decent CareerBuilder forgeries. So while I mock these ham-fisted attempts at fooling the naive, it’s sobering to recognize that there are a lot of really desperate unemployed folks out there who are willing to try almost anything to get a job. And the slimeballs who are exploiting that nauseate me.

Once again I’m thankful that Google Translate hasn’t improved significantly since 2010.  Otherwise this stuff wouldn’t be nearly as amusing. So Happy Thanksgiving 2011. So long and thanks for all the phish.

You’re building glass houses on the sand
Then you stand around and shake your head
When they all fall down
From Glass Houses by Steel Magnolias

So the big tech and style news this month, in case you missed it, was Apple’s hyperbole laden and new(ish) iPhone 4s and iOS5. This baby boasts everything better, faster and smarter (Siri notwithstanding) than the old school iPhone 4. Including this swell new(ish) app called Find My Friends which is described in Slashgear thusly [emphasis mine].

The free app, which uses GPS to locate your friends and family and, if the privacy settings mash correctly, display them on a map in real-time, can be found here.

But as Aahz the Pervect was wont to say “Therein lies the story”. That deal about privacy settings should be a clue [hint - turn them all off]. There’s even an interesting thread on MacRumors making its way around the blogosphere with a tale to make divorce lawyers weep. In agony or ecstasy depending on which side they represent.

I got my wife a new 4s and loaded up find my friends without her knowing. She told me she was at her friend’s house in the east village. I’ve had suspicions about her meeting this guy who lives uptown. Lo and behold, Find my Friends has her right there.

Regardless of the veracity of the post, I posit the following question: Who really thinks it’s a good idea to have everyone know exactly (within 10 meters) where you are at all times? I can think of a number of folks, in addition to suspicious spouses, who love this idea including:

  1. Law Enforcement – rounding up the usual suspects has never been easier
  2. Burglars who prefer victims to be elsewhere than the location being burgled – saves all that unpleasantness associated with being surprised by irate property owners.
  3. Employers who want to verify that employees are actually working from home – or really at the dentist instead of interviewing for another job.

Now certainly there might be situations where this feature would have a non-nefarious or even beneficial usage, like say finding a missing child. I’m just doubtful that would work in a serious situation like say kidnapping. Unless the kidnapper was stupid enough to keep the phone,  like say users of Find My Friends.

You see, here’s the deal – owning a smart phone or other GPS-enabled mobile device is like hiding in a glass house. Unless you take extraordinary measures anyone can find you. At any time.  Problem is most users of the aforementioned devices have no idea how exposed they are by default – not to mention what happens when they use an app like Find My Friends.

About now you may be thinking, “Yeah, well maybe that’s true, but everybody knows that privacy has been dead since 1999 so deal with it”,  channeling Scott McNealy’s infamous comment. Or even “You shouldn’t be worried about privacy unless you have something to hide”.

And that, my friend, is what concerns me. When everyone accepts this truism and becomes willing to trade their privacy – and ultimately their liberty to disagree with whatever authority is currently watching – for slick but useless diversions there will be serious consequences.

We may not be able to do anything about our modern life in glass houses. But at least we can try to hide without constantly screaming our location.

Happy Birthday, now your one year older.
Happy Birthday, your life still isn’t over.
Happy Birthday, you did not accomplish much.
But you didn’t die this year i guess that’s good enough.
From Funny Happy Birthday Song by Adam Sandler

Hard to believe that last month marked the third anniversary of Security For All. Actually the really hard thing to believe is that I actually found time to do this post. Whining aside, this last year has been a corker for everybody. A whole bunch of wild, wacky, wonderful, wasteful, woeful and wicked things happened during the last 13 months. I’ll leave it as an exercise to the reader to assign the appropriate W-word to the items in the following list. In no particular order:

  • Steve Jobs, co-founder, chairman and former CEO of Apple passed away on October 5th, 2011 after a long struggle with pancreatic cancer. He was just 56 years old. It’s hard to imagine anyone who had a greater impact on technology and society. He will be sorely missed.
  • Britain’s Prince William announced his intention to marry long-term girlfriend Kate Middleton on November 16, 2010, and subsequently followed through on that threat on April 29, 2011 where it was described thusly by USA Today: More than a billion eyes were on Kate Middleton as she stepped out of the queen’s 1977 Rolls-Royce Phantom VI in front of London’s Westminster Abbey on Friday wearing a wedding dress of fairy-tale princess-esque proportions — a dress that will be immortalized in fashion history. There were at least as many spammers and phishers rejoicing over the joyous event.
  • NASA discovered a new lifeform, a bacterium they christened the GFAJ-1 strain, that apparently substituted arsenic for phosphorus, sparking all sorts of extra-terrestrial bacterial visitation speculation. Would have been game-changing if only it had been accurate. Oh well, another study for The Journal of Irreproducible Results.
  • The United States Senate voted to repeal the U.S. military’s ‘Don’t Ask, Don’t Tell’ policy of officially sanctioned homophobia. While the law has been in effect for several months now apparently a number of right wing politicians and military cheeses haven’t gotten the memo. Or maybe they just can’t figure out how to use the Reality distortion field that worked out so well for President Bill Clinton and Apple CEO Steve Jobs. The more plausible possibility is that they can’t find anyone on their staff able to read something as complex as a memo.
  • U.S. Rep. Gabrielle Giffords was shot in the head by a lone wack-job after being included on Sarah Palin’s ‘Hit List’. But the craziness didn’t stop there. Sales of semiautomatic Glock pistols like that used in the shooting spiked in Arizona and across the nation in the days following the attack. Fortunately Ms. Giffords was able to overcome the staggering odds and appeared in person at her husband, Astronaut Mark Kelly’s retirement from the Navy. Not sure what the moral of this story is but I’m a little reluctant to hang out anywhere near people who disagree with Ms. Palin.
  • The now aptly monikered Arab Spring began in January of 2011 with the president of Tunisia being driven from power by violent protests over soaring unemployment and corruption. In the following months Egypt and Libya have seen regime changes with Bahrain, Syria, and Yemen also seeing civil uprisings. If Desert Storm (U.S. vs. Iraq episode 1) was the first made-for-TV conflict, Arab Spring must certainly count as the first made-for-social-media revolution. Whoever said “The Revolution will not be tweeted” was dead wrong [apologies to Gil Scott-Heron, who also died in 2011, and is maliciously mis-quoted here]. It’s also been argued, debated [no - scratch that - since real debate requires some level of basic knowledge and understanding of the topic which is simply not available in this case] and pontificated on, via traditional and the newly enfranchised social media. Speaking at the e-G8 Internet Forum in Paris, Facebook CEO Mark Zuckerberg downplayed Facebook’s role in places like Cairo, Homs and Tunis, saying “It’s not a Facebook thing, it’s an Internet thing,” when asked about his site’s influence on the Middle East’s popular uprisings. “There’s no value to Facebook in invading the privacy of folks in those places.” [I made that last quote up - but I'm sure that's what he meant to say].
  • A tsunami rammed the coast of Japan following a powerful 9.0-magnitude earthquake causing widespread devastation and essentially shutting down some of Japan’s largest manufacturers including Honda and Toyota. But by far the greatest damage that resulted from this disaster was the meltdown of the Fukushima Dai-ichi nuclear power station in northeast Japan. This part of the tale just kept getting worse each day as the Japanese government and Tokyo Electric Power Co (TEPCO) kept trying to reassure the public and the world that things were under control. Some would argue that it’s still not entirely under control as there have been elevated levels of radiation detected in the Pacific waters as far away as the west coast of the U.S. So now a tsunami caused by a monster earthquake has turned into the worst nuclear crisis since Chernobyl in 1986, costing TEPCO 1.1 trillion yen. So far.
  • Osama bin Laden, the mastermind of the 9/11 attack, was killed in a firefight with [actually he was terminated with extreme prejudice by] United States forces in Pakistan. Turns out he’d been living in relative comfort in Abbottabad. Right under the noses of our Pakistani “allies”. Pakistani officials were “Shocked, Shocked! To find Osama bin Laden living in Pakistan”. [OK, I made that last quote up too].
  • On May 22, 2011 a massive EF5 rated tornado tore through Joplin, Missouri, killing over 120 people, carving a mile-wide path of destruction through the city and leaving fully a third of the population homeless. Somehow the people of Joplin, with the help of many other Americans, managed to rebuild enough of the devastated city to open all schools on time for the fall semester. It’s stuff like this that keeps my scant faith in my fellow citizens alive.
  • Former Illinois Gov. Rod Blagojevich was found guilty on 17 out of 20 federal corruption charges — including all charges tied to allegations that the Chicago Democrat tried to trade an appointment to fill the U.S. Senate seat vacated by President Barack Obama. Guilty! Thank You, That is all. [Apologies to Mr. Toad's Wild Ride]
  • In a frenzy not seen since the televised O.J. Simpson trial, Court TV became the latest reality-TV-cum-spectator-sport. Complete with announcers and color commentators like Nancy Grace. First we had the trial of Casey Anthony, who allegedly murdered her daughter Caylee, which got better ratings than any Soap Opera and triggered widespread protests when she was acquitted (much to the chagrin of the aforementioned Ms. Grace) and pitted Floridians against each other, some restaurants even refusing to serve jury members. Those jury members later whined that had they been allowed to listen to Nancy they would surely have reached the right decision. Then we had Warren Jeffs, a particularly egregious polygamist, child pornographer, prophet of doom and leader of a strange religious cult centered, apparently, around him getting it on with very young girls, being tried for that lifestyle choice. This trial was so salacious that even I was taken aback when Dr. Drew Pinsky insisted that it was the right, yea even the duty of the court TV “journalists” to show the videos of the nasty Rev. Jeffs deflowering his youngest “brides”, video apparently being a sacrament in this cult. I’m guessing that the CNN lawyers were offering up their own prayers that the FCC would ignore Dr. Drew’s apparent journalistic fervor and not go after them for child porn. And finally we have the ongoing show trial of Dr. Conrad Murray who allegedly administered the fatal dose of propofol that killed Michael Jackson. This trial is hardly worth the nightly histrionics of Dr. Drew and Nancy Grace (tag teaming this one) since the worst that can happen to Dr. Murray (other than the fact that the king of pop died before he could get paid) is that he can get probation. He’s already lost his medical license not to mention his credibility with anyone other than celebrities with nasty prescription drug habits. If you don’t think Mark Mothersbaugh was right about ‘de-evolution’ you should tune in some time.
  • Then we had the ‘Spectacular Summer Debt Ceiling Crisis’ starring the U.S. Congress with special guest stars Pres. Barack Obama and Timothy Geithner. This long running political theater farce, based on the hit ‘Nero Fiddling’ had them rolling in both aisles to the disgust of viewers all over the world. This amazing display of gridlock and political brinksmanship resulted in Standard & Poor’s downgrading the creditworthiness of the U.S. government to AA+ from AAA. What a show.
  • In tech and business, Google acquired Motorola Mobility, AT&T attempted to acquire T-Mobile but was slapped down by the DOJ. HP released the TouchPad, announced it’s killing the product line, sold the few they had built at a fire sale which was so popular they ramped up for another TouchPad fire sale. WTF? Apparently the notoriously quick on the fire-the-CEO trigger HP board had the same reaction and dumped Leo Apotheker for Meg Whitman (of GOP and eBay fame). But not before the stock did a swan dive.
  • The Sony Playstation Network (PSN) was well and truly pwned. Fingers were pointed everywhere but in the end it was just good old bad engineering and security hubris that proved their undoing. That and trying to piss off PS3 modders.
  • Then there was Anonymous whose DDoS-in-the-name-of-protest efforts were alternately lionized and vilified in the media and political circus and managed to annoy pretty much everybody at some time or another. They didn’t like Sony either and were early scapegoats in the ongoing Sony CYA efforts. Their 15 minutes is waning fast, but those Guy Fawkes masks are totally bitchun.
  • Security Bloggers were busy little beavers with Dr. Anton Chuvakin taking a new job at Gartner, Martin McKeay and Josh Corman taking jobs at Akamai, Ben Tomhave taking a job at LockPath, Jack Daniel moving into a new gig at Tenable after they acquired Astaro and Kai Roer and Mourad Ben Lakhoua editing a great book with articles by Dr. Anton Chuvakin, Margaretha Eriksson, Alistar Forbes, Brian Honan, Alex Hutton, Javvad Malik, Wendy Nather, Rob Newby, Kevin Riggins, Eric Schwab and Lori MacVittie, titled The Cloud Security Rules: Technology is your friend. And enemy. A book about ruling the cloud.
  • Finally Captain X-Ploit went completely off the rails with two spectacular holiday specials. The Halloween Special consisting of four posts: The Devil Walks Among Trustonians, Movies Can be Fun, Nightmare on Dream Street and 28 Stores Later which spoofed the classic horror films Halloween, The Ring, Nightmare on Elm Street and Dawn of the Dead respectively. The good Captain faced crazed mass murderers, lethally cursed movies, dream demons and spam distributing zombies and prevailed with great and hilarious feats of hacking. The Amazing Cross Dimensional Christmas Special was a heartwarming mashup of Fox’s “Fringe”, Dr. Seuss’s “How the Grinch Stole Christmas” and Tim Burton’s “Nightmare Before Christmas” where David and President Ted save Christmas. Sort of.

So stay tuned. Maybe we’ll be a bit more conscientious about blogging at Security For All. Or not. But it will probably be pretty funny and borderline informational.

Oh and be sure to actually go to the Security For All blog site and check out our annual swell theme change.

And now – what do I do now?
Oh, I don’t know
Oh, I’m leaving
And now, who’s gonna save me next time?
From Now What by Lisa Marie Presley

So there you are just minding your own business and chilling on PlayStation Network when…

Yikes! PSN has been breached! And now you and 100 million of your closest friends have been exposed. Now what?

This post on Credit.com News and Advice has some advice that you might want to check out.

Data breaches are an everyday occurrence affecting millions of Americans each year.

Just ask crafters who shop at Michael’s Stores, Sony PlayStation Network gamers and investors at Morgan Stanley Smith Barney.

They’re all vulnerable to identity theft and other fraud because their personally identifiable information (PII), such as a birth date or Social Security number, for example, was exposed. That information could be used to commit financial fraud.

Here is a condensation of their 6 tips with my comments (you didn’t think you’d get off that easy did you).

  1. Review the breached account. Find out exactly what the pwned data losers (and I mean that quite literally) had of yours that might have been exposed. Forget what they ADMIT to losing and assume they lost it all. That includes not only credit card info but your credentials (login and password) to the site.
  2. Change all user access credentials. Change your password on the immediately affected site (DUH!) and then change your password on every other site that uses the compromised password. Now would be a dandy time to quit being an idiot and either get a password safe or use another method to choose strong unique passwords for every site and service you use. If you use the same password for PSN, your bank, YouTube, Facebook and Twitter… Uh Sorry. Sucks to be you.
  3. Notify existing creditors of the breach. MasterCard and Visa are pretty good about dropping fraudulent charges – if you tell them. The sooner the better. They will likely want to close that card and open a new one. If for some reason you used your debit card online… Again, Sucks to be you.
  4. Place a fraud alert on your credit file. Often the miscreant data losers will pony up for some kind of fraud protection in the wake of a breach. If they don’t you can – and should – set something up on your own. Often your creditors will offer at least limited time versions of these services at no charge. If they don’t then consider doing business with someone else. Seriously.
    • Initial Fraud Alerts last for 90 days and require potential creditors to confirm the legitimacy of your identity before granting credit.
    • Extended Fraud Alerts last for seven years. Victims of identity theft who provide credit bureaus with an identity theft report like this one are eligible.
  5. Review your credit reports for any unusual activity. Credit.com suggests you use annualcreditreport.com to get free annual credit reports. That’s not a bad idea, but be wary about some of the extended credit monitoring services offered by the credit agencies. I’ve had a less than satisfactory experience with Experian but have had decent luck with Equifax. In any case, no service can substitute for good old due diligence on your part. Pay very close attention to not only your credit card statements, but social security or other government entitlement accounts. In general, make sure you understand every nuance of any statement from any entity that pays or bills you.
  6. Consider placing a security freeze on your credit report. This is the nuclear option. Be sure you really understand this before you push that button. Go to ConsumersUnion.org and check out the Consumers Union’s Guide to Security Freeze Protection before considering this step.

So hopefully now you have at least some idea of what to do next. Since there doesn’t seem to be much hope in preventing these epic data breaches. At least as long as the data losers aren’t really penalized for their negligence. And before you start feeling sorry for poor Sony just pay attention to the cost of their services over the next few years after they’ve sucked you back in to PSN to see who really pays. But hey, you can always unplug the PS3 and play Monopoly. Or basketball. With no risk of a data breach.

The Adventures of Captain X-Ploit:
Sara and Maxi’s magnificent monetary mischievous maneuver.
– Part 4 of the epic chronicle –
Strangers are just Enemies you haven’t met.

After the alien left, restoring time to its usual single dimensional, flowy self, Max and Sara found themselves at the library. Hunched over a computer, Sara was reading her way through the wiki entries on several celebrities as Maxwell was standing next to her with an awe-filled grin plastered on his face.

“Sara?” he asked. “Yes, Maxi?” Sara responded with a stunning smile on her face. “So like… wow, you’re telling me I can take any of these books and no one would care?” he asked. His fascination with this concept had less to do with the concept of taking things without people caring and more with the concept that other places were supposed to operate differently. Being famous, handsome, and lucky he had never found people to be opposed to him taking whatever he wanted anyway.

“Well, yes… but you have to run them through the little machine over there,” she gestured with a hand, not removing her eyes from the screen, “before you can leave with it.”

“Weird,” Max said trailing off, distracted by a girl walking by. “I think I’ve got all the information I need,” she said snapping Max’s attention back to her. “So like… what are we doing again?” Max asked, looking confused as Sara began to scribble several notes onto her hand. She smiled at Max without a hint of exasperation even though she’d explained it over thirty times on the way to the library.

Later that day at the bank:

Sara walked in confidently, leaving Max outside to ponder the complex plan. “Hi, I’m Sara Paylyn,” she said to the teller, “and I’d like to withdraw all my monies.”

“Sure thing Mrs. Paylyn, we just need to ask a question. For security reasons, of course.” Sara nodded and the lady began her list of questions.

“What is your pet’s name?”

Sara hastily glanced at her hand and responded quickly “Birstal.”

“Fantastic, Mrs. Paylyn! How much would you like to withdraw?”

Sara pretended to think for a moment before responding “All of it, I think.”

Several moments later:

Sara was standing outside the bank with $4,312,632.13, explaining to Max how she would surely win the contest now, when Max interrupted, “CONTEST!!! Oh man, I love contests… I wanna be a part of it!” Sara smiled at him wondering if every clone had hacking skill.

“Go for it, Maxi! What’s your plan?” she asked.

Max just shook his head, not wanting to reveal his brilliant plan, and walked confidently into the bank. At the counter the teller looked at him and said, “How can I help you, handsome?”

“Ya, hi, I’m some, like, rich dude and I want to, like, get my money… you know, like, for spending.”

“Okay…,” the lady said, her smile wavering for a moment, “What’s your name?”

“Maxwe…,” he stopped himself, “ahh… I mean,” his eyes dashed about wildly for a name he could use, “Trisha Smith” he exclaimed with a smile as he read her name tag.

Her eyes went wide for a moment in shock as she responded, “That’s my name, sir… what is YOUR name?” she said.

His eyebrows furrowed in deep thought before reading another name off the business card on the counter. “Emmet Brown” he responded with a smile.

“You’re not Mr. Brown! Mr. Brown owns this bank and you’re far more handsome than he is.”

“I had plastic surgery…” Max smiled his perfect smile at her.

“Okay, well I have to ask you this question to be sure. What is your favorite color?”

Max puzzled for a moment thinking how to respond before he finally decided to guess at random, “Hot Pink”

Trisha looked astonished, staring at him “Emmet, is that really you?”

“Yes, now, I’d like to take the money please.”

“Of course, sir,” she said shuddering a little, “How much do you need?”

“All of it would be nice,” he responded without hesitation.

“All of the money in the bank?” she asked in amazement.

“Yes,” he responded politely with a smile.

That night at midnight:

Sara and Max were standing waiting for David to appear. Sara couldn’t help but feel a little crestfallen. As much as she liked Max and enjoyed seeing him win, she had only $4 million to her name whereas Max had walked off with the entire contents of the bank. Which happened to be transported at the moment in the truck of a man he had paid $1,000.

At least I can still beat David, that smug jerk, she thought as she saw David and Tedward walking up the street toward her.

At last we’re back to the hacking contest betwixt David and Sara – and Maxwell it seems – with Sara (and Max) using a tried and true exploit against weak authentication. I love the part where Maxi (AKA the stupidest life form in existence) is the one to hit the mother-lode by sheer dumb (and I mean that in the nicest way possible) luck. Much like the “hackers”, script kiddies and others who are routinely publicized by the panic-stricken (and panic-mongering) popular press. It ain’t rocket science folks. But it works. Really, really well. I’m still pulling for David and his mouse minions, though. How can you not be partial to plans involving cohorts like Mr. Biscuits, Señor Sparkles and Dr. Whiskers?

Tryin to ruin my name
Threw me under the bus
Riding all over the town
Spreading rumors around
Threw me under the bus
From Under the Bus by Lolene

In my previous post I explained why I left Facebook. Doing so freed up enough time to actually do another bl0g entry so it’s only apropos that this entry reinforce the idea that Facebook is not your friend. Unless of course your friends are conniving weasels who steal from you and will throw you under the bus in a heartbeat. Like being friends with Casey Anthony (but I digress). If you have friends like that then Facebook is what you are used to. If not then read on.

In this post by the oft quoted (by Security For All at any rate) Sharon D. Nelson, Esq. of the {ride the lightning} blog the following question is asked: How Much Data is Facebook Giving Law Enforcement Under Secret Warrants?

According to Reuters, since 2008, federal judges have authorized at least two dozen warrants to search Facebook accounts to the FBI, the DEA and ICE. The investigations have involved such things as arson, rape and terrorism.

What interested me most is that these warrants demand a user’s “Neoprint” and “Photoprint” – terms I had never heard before which apparently appear in law enforcement manuals and refer to a Facebook compilation of data that the users themselves do not have access to. So much for Facebook’s claim that the “Download Your Account” button gives you everything that Facebook itself possesses.

Facebook doesn’t tell users about the warrants to give them a chance to challenge those warrants legally.

Yikes! Talk about throwing your users under the bus. And without notice. As Sharon points out even Twitter has a policy of notifying users before they hand over anything to law enforcement. But not Facebook.

And then there is this post by fellow Security Blogger Carole Theriault in the nakedsecurity blog that asks Does using Facebook put you at more risk elsewhere on the internet?

The Pew Research Center has shown that the more time you spend on the internet, especially social networks like Facebook and Twitter, the more trusting you become.

Not just on social networks, but everywhere – both online and in real life.

With 30% of the world estimated to be online – about 80% of North America and 60% of Europe – and more than half of these users belonging to some social networking site, an increase in trust could have major impacts on how people interact in the future.

Does this mean that social network users will eventually become a bunch of loved-up hippies? It is really difficult for me to imagine what I would be like if I shed my cynical armour.

I shouldn’t really worry: while I study social networks all the time, I am more of a voyeur than a player. Let’s be honest here – I find them really scary.

Many users of social networks seem completely addicted – they are on there all the time, recording every event of their lives. It just seems so intrusive to me…and compulsive.

So the premise is that people on Facebook are more trusting than other internet users, and MUCH more trusting than non-internet users.

It seems clear to me that if Facebook users are genuinely more trusting, they are more at risk of online scams, both on and off social media sites.

Maybe research like this proves that social networking sites like Facebook and Twitter need to show greater interest in educating their users about being safe online.

One could argue that they should proactively protect their community against commonly encountered threats.

I agree that it would be swell if Facebook showed a greater interest in educating their users about being safe online but from where I sit I’ve only seen an interest in exploiting their users. But it is a great interest.

To borrow a soundbite (in spite of the lack of audio in this blog) from former First Lady Nancy Reagan, Just say No! to Facebook. Or friend Casey Anthony.

The Adventures of Captain X-Ploit:
A life without love is a life wasted… or whatever. ~ Maxwell D. Higgens
– Special Edition –

This is a story about Maxwell. It begins in the lab of an alien ship floating somewhere in the Betelgeuse system.

Stan cast his eyes around the lab looking for someone to exclaim in amazement to. He had done it! Finally and definitely done it. In the DNA of one human baby named David Nicholas Stone he had found what he had suspected all along. What he had found was in fact, a gene that actualized only favorable outcomes for its owner.

It had been speculated that such a gene existed ever since Blungo of the Solaris Nebula placed a million cat-like creatures in a million boxes that released poison randomly and found after 20 trials that only one cat remained. Having based his trial more on a hatred of the cat-like creatures rather than an actual belief it would yield more information than was already known. In anger at his failing Blungo promptly threw the creature out the window where it fell 400 feet landing on all fours comfortably on a mattress that by incredible odds was being delivered to the building that day. Blungo then spent the rest of his life following the cat-like creature. That is to say, Blungo followed that cat until Blungo died… the cat still lives on due to randomly gaining immortality by being struck with lightning while lapping up some particularly tasty cream in a field of warm pillows that smell of tuna.

Stan, desperate to prove to the world he had indeed found the gene proceeded to clone David and activate this gene as hastily as possible, cutting out any dominant traits that even looked like they could limit or cause the “Luck Gene” to not display properly. 9 months later the baby was placed on earth to be examined by a universe full of excited scientists. He was left in the care of an extremely lucky couple who had wanted a baby since the first time they had won the lottery but had never managed to conceive.

It was a perfect summer night when Mrs. Higgens found a baby had been left in front of their mansion with a note reading “The fate of the universe does not lie in his hands, but he’s pretty cute. He represents hundreds of years of work and I’ll miss him. So take care of him. Or I’ll disintegrate you.” The Higgens couple just assumed it was a joke and the child was left by some teenage girl not ready to raise him. This mattered little to them, however, because their final dream had come true. They had a son.

Maxwell grew up different from most of the children. Statistics didn’t seem to apply to him, his brilliant blond hair and stunning blue eyes, the fact he had never been sick a day in his life, the mind boggling circumstance that whenever presented with an exam he circled at random and received 100%’s.

His life was magical and beyond perfection. He was everything everyone wanted to be, stunningly handsome, unfathomably lucky and inconceivably wealthy. His luck gave him everything, save for one part of his being, his intelligence. It became blindingly obvious as Maxwell grew that in addition to being unbelievably lucky he was also profoundly stupid.

At the tender age of 18 Maxwell found himself in California after leaving his house in hopes of finding the one thing his luck had never given him, a girl he could love. His quest began shortly after the 37th girl, an international super model in this case, that pledged her undying soul in devotion to him. After hearing how she said he made her feel he knew he must find a girl who could make him feel that way. He began his search in his usual way, by wandering around aimlessly for several hours.

After finding himself in California, roughly 1000 miles from where he started, he figured he’d better buy a house and some food. A few charges to his credit card later he found himself living in Beverly Hills with a piece of pizza in his hands.

Several years and 462 girls professing their love on the first date later, he found himself to be one of the world’s most esteemed and famous actors, having won countless awards after accidentally wandering onto the live set of a movie and as he put it ‘just going with it’. But countless awards, unheard-of amounts of money, and innumerable nights with super models seemed to bring him no closer to his quest. The universe couldn’t deny him his dream endlessly, however. One day an alien walked into his bedroom with news that would bring him one step closer to his true dream.

“Did Ryan send you to show the girls out?” Maxwell asked from his bed which happened to contain and indeed be surrounded by 8 of the most beautiful human females the alien had ever seen. The alien, who was about 9-feet tall, grey, with an odd shaped head and pitch black eyes, was momentarily confused by the question.

“No, I’m here to collect the David clone. You were supposed to be in Trustonia months ago!” the alien replied.

“Really? Is that what all that mail I kept getting that said ‘fate of the universe’ and crap like that, was all about?” Maxwell asked simply.

“Did you not think it odd that your butlers keep moving to Trustonia to prepare your house?” the alien asked in amazement at Maxwell’s stupidity.

“That’s what they were doing? I thought they were moving there to look for more girls to bring me,” Maxwell replied.

“Look, just come with me, I’ve paused time and I need to introduce you to the other,” the alien explained.

Several (what would have been, if time was not paused) hours later in Trustonia:

“Greetings Miss Boulder, I bring with me…” the alien was in the middle of saying when the gorgeous man interrupted hastily “Wow! A world full of people who don’t move! Oh, I know, we must be in Canada! Yes that’s got to be it.” The alien looked pained by the handsome man’s obvious stupidity as he finished his thought “Maxwell Damian Higgens, perhaps the stupidest life form in existence.”

Sara’s jaw dropped in amazement. A more perfect face she could not dream of. Her soul all but wept for wanting of the visage that danced in front of her believing eyes. At that point she knew two things. One, she would pledge her every breath to him and two she would have him.

Note from the author:

Well at long last I finally offer you the back story of Maxwell Higgens. I feel this release has to come with an apology for its lateness. Believe it or not I actually wrote three different introductions for Maxwell. But each of the others didn’t quite capture what I wanted Maxwell to be. I will make no more promises on release dates since work, school, friends and life keep getting in the way of my weekly goal of writing Captain X-ploit. I will state however, if you wish to get updates on what’s going on in the world of Trustonia, hop on over to Facebook and fan this series. I will post updates there.

http://www.facebook.com/pages/David-Nicholas-Stone/115707671857486?sk=wall

Speak my friend, you look surprised
I thought you knew I’d come disguised
On angel wings, dressed in white
From Descent of the Archangel by Kamelot

Last week I finally had enough. The cumulative effect of every sleazy privacy invading stunt that Messrs. Zuckerberg et al have pulled was definitely part of the motivation. Also the recent departure of several security blogger “friends” including Richard Stiennon was another part. That, and the reality that I’m already following all of my blogger “friends’” blogs so Facebook was like a cheesy notification service of new blog entries which is not only redundant as news aggregators do a much better job, but includes tons of advertising which I was compelled to filter.

Then there was the simple fact that Facebook is an incredible time sink [read waste of time]. When I realized that the last two entries in this blog were Captain X-Ploit sagas – and the good captain doesn’t appear that often – it became clear that some priorities were seriously amiss. There were some mitigating factors of course not the least of which is that I work for a company that builds actual products for actual customers and the particular actual product that I’m working on is getting close to release [disclaimer: this is not a product announcement since I have nothing to do with that kind of stuff and is not meant to imply or represent anything about Ricoh products] which means plenty of work and deadlines. And the fact that I spent any time on Facebook is hard to justify.

And then there was a post that was forwarding and reposting its way among my less technically savvy (or possibly delusional) “friends” that went like this.

Who says Facebook friends aren’t real friends?.. They enjoy seeing you on line everyday. Miss you when you’re not there. Send condolences when you lose a loved one. Send you wishes on your birthday. Enjoy the photos you post. Put a smile on your face when you’re down. Make you laugh when you feel like crying. Repost if you are grateful for your Facebook friends. I know I am.

Seriously? Come on folks – a Facebook “friend” is an online persona. They are NOT REAL PEOPLE. You may buy into the abstraction that your “friends” represent real people, but I for one have always been very open about the fact that my Facebook profile was completely fraudulent. This was to help mitigate the privacy infringing business model of Facebook. If you really don’t mind letting Facebook have its way “monetizing” your personal information with no compensation to you I guess that’s your choice. Sucker.

And then there’s the legal exposure. Yeah that’s right. Legal exposure. Here’s an example from the Electronic Discovery Law blog.

In this case arising from a car accident which the plaintiff claimed resulted in physical and psychological injuries, the parties invited the court to conduct a review of Plaintiff’s social networking accounts “in order to determine whether certain information contained within Plaintiff’s accounts is properly subject to discovery.” Using Plaintiff’s log-in information, the court reviewed Plaintiff’s Facebook account, including “a thorough review of Plaintiff’s ‘Profile’ postings, photographs, and other information.”

But the thing that finally caused me to bail from Facebook was the realization that the Facebook – and nearly all social networking sites’ – business model is fundamentally flawed. This is articulated quite nicely in this article by Bob Garfield in IEEE Spectrum entitled The Revolution Will Not Be Monetized.

1. If you build it and they come, does that guarantee that there’s money to be made? (Hint: No.)

2. Which of Facebook, YouTube, and Twitter will amass the millennium’s first megafortune and a borderless virtual state, with a vast population, political influence, economic clout, and a lair in a hollowed-out volcano from which to control the world’s weather? (Well, you can probably eliminate Twitter.)

3. The Wall Street valuations of companies like Facebook, which is worth US $85 billion on the secondary market, are stratospheric. Should we stockpile ammo and canned goods for when the bubble bursts? (Not a bad idea; remember Pets.com.)

According to the Interactive Advertising Bureau, U.S. advertisers spent $25 billion online in 2010—representing about 15 percent of the $164 billion U.S. ad market and, for the first time, a bit more than their spending on print newspapers. That was no small milestone. But here’s the thing: According to eMarketer, 31 percent of Americans’ media-consuming time in 2010 was spent online. Which means, speaking broadly, marketers valued new-media time only half as much as old-media time. And that’s the rose-colored view. Chris Anderson, curator of the TED Conferences, recently crunched numbers from Nielsen, Forrester Research, the Yankee Group, and other modelers to synthesize the value, medium by medium, of an individual’s time. Globally, print publications fetched $1 per hour of reader attention. TV got a quarter for a viewer hour. Online fetched “less than a dime.”

Why is online advertising such a poor stepchild? Well, extremely delightful and informative books with pale-blue and white covers have been written on this subject, but let’s reduce the problem to its essence: The endless supply of online content means an endless supply of places where ads could go, which by definition depresses demand and, with it, price. Period.

The second problem is more basic still. Ever click on a banner ad? Have you? Ever? Of course not, because why would you leave what you’re doing—especially socializing—to go listen to a sales pitch? The click-through rate, industry-wide, is less than 1 percent—and chalk some of that up to mouse error and click fraud. Some advertisers deal with this problem by popping ads into your face, blaring audio, or subjecting you to “preroll” video messages before the video you actually wish to see. As Anderson sagely observed to a Madison Avenue audience, that was an acceptable quid pro quo in the days of passive TV viewing. Online, though, users are active and in control. “If you take control away from them,” he said, “they will hate you.” Or, put another way: Online, all advertising is spam. These two structural problems leave two possibilities: Either advertising will never be the force in new media that it was in the five predigital centuries (a theory to which I personally subscribe), or someone will crack the code.

Yep. That pretty much covers it. When you are a Facebook “member” [read product] you are essentially trading your privacy for Facebook to convince advertisers that they can target you with spam better than their competitors. It’s not even as clever as Google’s for-fee search engine poisoning (er… Search Engine Optimization) and a whole lot more intrusive.

So there you have it. I really doubt that I will be missed on Facebook. Certainly not by Facebook themselves since I never provided them with any private information and probably not by any “friends” [read online personae that I found amusing] since those who matter in any real way can either call me or find me at this blog. All the others will probably find it refreshing to not be mocked with snarky comments when they post silly nonsense on their walls. And fear not, this blog is still represented on Facebook through the intrepid David Nicholas Stone, AKA Captain X-Ploit. Feel free to become a fan.

Oh – and to my “friend” Mark Zuckerberg - Take the money and run dude! It will get ugly when the investors sober up.

The Adventures of Captain X-Ploit:
“Ladies and gentlemen put your hands together for Sara Rachel Boulder”
– Part 3 of the epic chronicle –
Strangers are just Enemies you haven’t met.

Sara Boulder awoke on that shimmering morning in the softest bed she had scammed her way into yet. She wandered over to her victim’s stereo system scanning the shelves for something good to listen to while she got ready for the day. Her eyes fell upon Seether’s new album “Holding Onto Strings Better Left to Fray”. Well at least this sucker has good taste in music, she thought to herself as she put it in and began to sing happily to “Country Song” and…

What? <pause> What do you mean I can’t spend an entire post promoting Seether’s new album? <longer pause> Oh come on, IT ROCKS! <short pause> Ok, ok, fine… anyway.

AFTER getting ready she danced down the stairs and raided her victim’s fridge. The reader might be wondering where the proper owner of this house is. Well, at the very moment she was raiding his fridge he was prancing about the park telling everyone he could, to please visit the nearby pub and tell the bartender the keyword “relevant”. He was under the firm yet mistaken belief that if he could simply get 200 people to visit the pub and do this Sara would go out with him.

One might wonder what thoughts would run through the head of a man this pathetically lonely. Well, his thoughts were as follows. Hmm… I’m really hungry… But I only need to get 192 more people to go to the pub… Damn the park is FULL of balding men today I wonder what they are up to… no bother I’ve got to get this done and then I can win back the keys to my house and a chance with the girl of my dreams…

If he had been a brighter man, he would have noticed that the other balding men were doing the exact same thing with different words Sara had found on a motivational poster in the trash outside of the coffee shop. If he had been a brighter man still he would realize that this, in effect, made it so that none of them would be able to get 20 people to go to the pub let alone 200. If he had been a brighter man still he would not have given her the keys to his house as “collateral for this once in a lifetime chance”.

Sara left his house with a heart melting smile on her flawless face when, in a flash of light,

All time stopped.

She knew this because the people had stopped moving and the door had stopped flying shut in her wake. Hmm, I knew I was pretty but I’ve never broken time with a smile before. Damn… I am magical… hmm, no wait here comes an alien he must want to talk to me… but wait who is that wonderful beast he is dragging along with him, she thought.

“Greetings Miss Boulder, I bring with me…” the alien was in the middle of saying when the gorgeous man interrupted hastily “Wow! A world full of people who don’t move! Oh, I know, we must be in Canada! Yes that’s got to be it.” The alien looked pained by the handsome man’s obvious stupidity as he finished his thought “Maxwell Damian Higgens, perhaps the stupidest life form in existence.”

Note from the author: To my adoring fans I have two gifts. The first is a bit of advice and the second is a promise.

Firstly: Go buy Seether’s new album. It’s good.

Secondly: Since I missed last week due to an amazing and unparalleled bout of apathy I will have a Sunday special edition chronicling the past of one Maxwell Damian Higgens.

Now without further ado, I will leave it to our previously scheduled commenter to discuss this week’s episode of Captain X-Ploit.

If the unexpected back-story detour into the world of Sara Boulder hasn’t given you a severe case of WTF then you probably aren’t paying attention. And what’s up with this new Damian Higgens guy? Guess we’ll find out soon.

This episode’s exploit is a classic. It combines the best (worst) parts of 419 scams with multilevel marketing. Kind of like Nigerian Amway. Seriously though, who hasn’t seen those web sites that offer you something really cool – like say a free iPad – and all you have to do is get 10 friends in on it. In the final analysis nobody gets any free iPads and the spammer gets lots of juicy info from their unwitting down-line. Exactly like the poor balding schmucks trolling the park won’t ever get a date with Sara while she gets free use of their houses.