What the Adventure entails is an Amazing Race style competition with clues and challenges.   While we know that the race will start in Seattle and end in Vegas for the SEMA Show, we don’t know where we will end up in between.  We’ll find out each day when we figure out our clues.  The Adventure will also incorporate race track driving as some of the challenges.  We will have in car internet access for solving clues and navigation and use our smartphones to read Gettag codes to prove we’ve completed our missions.  We’ll have to keep our social network communities informed about what we’re doing.  So this race has the following elements: Amazing Race, a road trip, an auto show, race track driving, gadgets, social media and the internet.  These are all things that I love love love!  If someone says something about monster trucks I think I will have fulfilled every childhood fantasy I’ve ever had (maybe not every because I still need to be an astronaut).  The Adventure is also being covered by the Discovery Channel for a one hour documentary.

What we are competing for is a chance to win this Mopar Charger.  We have not yet decided how we will deal with this car when we win but I call first on it.  Imagine me on the Beltway in that.

The Adventure runs October 26 through November 1 so stay tuned for more updates.

Possibly Related Posts:

• October 26, 2011 -- The Adventure Starts Today!
• January 24, 2012 -- Tonight’s the Night! Autoweek’s America Adventure Will Be on TV #AWAdventure
• November 2, 2011 -- #AWAdventure Day 6 (Final) Recap
• October 11, 2011 -- Official Contenders for the Autoweek America Adventure
• November 1, 2011 -- #AWAdventure Day 5 Recap

With all of that said, I really really like this game for Playstation 3 called PAIN. It’s probably the silliest game one can imagine but I like it. The goal of the game is simple, you fling yourself at various objects in the game in order the cause the most damage. You get points for pain caused to the character that you choose as well as damage you do to other objects.

One somewhat new feature of the game is that you can now record your exploits and upload directly to YouTube or export the video. Here’s exported video of the mayheim:

Cow Asplode

A Series of Booms

This game is not one I would recommend for young impressionable minds as it’s not that politically correct. For instance, their’s an elderly woman with a walker, that always manages to get hit by something even when I try to avoid her – in one environment she runs out into the street (getting hit by a car in the process) if anything happens near her. And there’s a horrid Latina character that’s is just too bootylicious. There’s a lot of sexual innuendo in the game as well that is lost on me. Why do they always feel the need to do that?

All in all the game is hilarious and good for stress relief.

Possibly Related Posts:

• December 23, 2008 -- Sexually Harassed in a Video Game?
• June 7, 2008 -- What America’s Doing Right Now

On December 16, 2008, I received an email from CheckFree, an online bill payment service, saying that my computer may have been exposed to malicious software putting my computer at risk. At first glance, I thought it was a phishing scheme but then noticed that my full name and address were included in the email.  After reading the email again I realized what must have happened.  Customers who tried to log into CheckFree’s bill payment service were redirected to a site that downloaded malware onto their computers.  (Forgive me for being the high-technology crime investigation geek but I was intrigued by that redirection process (called pharming).  I did a paper on phishing and pharming a few years ago but at that time there were no concrete examples of pharming.)  Like phishing, pharming involves sending a user to fake websites that look like the actual site in an effort to get the user’s account credentials or other personal data, but with pharming the URL in the address bar will be that of the actual site making it difficult to identify it as a fake.  In such a case you can’t trust your eyes or your browser.

Without looking further, the drive-by malware download would make it appear that CheckFree had been hacked, however, the criminals did not have to do that.  Pharming instead involves gaining access to a websites domain registrar to point the website URL to a nefarious server.  That is what happened here.  Access to CheckFree’s account at Network Solutions was obtained by sending a phishing email to CheckFree’s system administrators.  The Network Solutions account was then used to point the CheckFree.com domain to a server in the Ukraine.

In this attack, users received a blank page and a drive-by malware injection at CheckFree’s site.  If the attackers had put up a login page instead we would probably be hearing about all kinds of suspicious payments right now.  A login page would have affected more users:  while the malware only affected Windows users, a login page would have affected users regardless of the operating system.  We still don’t know how many customers were affected or what the malware does.

I was not affected outright by this attack for several reasons including that I stopped using the MyCheckFree.com branded bill payment service opting instead to use the one provided by my bank.  The troubling thing about this, however, is that CheckFree is the largest bill payment provider in the United States.  If you are using an online bill payment service provided by your bank, it is most likely a co-branded CheckFree service.  What I have read about this pharming incident is suggests that only users of the MyCheckFree.com website were affected.  But I do wonder if any of their other services could be affected by this attack.  CheckFree has also started notifying customers who use their bill payment service through banks.  In addition, I wonder if any payment information in transit could have been affected or accessed.  I was a developer in the electronic payment group of a bank some time ago and I don’t quite remember if payment information between banks is sent via the domain address or an IP address but it’s a question worth asking.  With the encryption and authentication schemes that they use that might not have been a problem but I haven’t seen it mentioned anywhere.

According to accounts I read, 5 million customers could have been affected by this attack. It is our job as customers to be vigilant in holding companies accountable for protecting our personal data.  To it’s credit CheckFree is contacting customers and offering complementary virus scanning software.  But is that enough?  If the hacker had gained access to customers’ accounts, they would have access not just to bank accounts but also to creditor accounts.  It’s hard to even imagine the amount of work to remedy those kind of consequences.

Photo credit: iStockPhoto

Possibly Related Posts:

• January 3, 2009 -- The Curious Case of Julie Amero
• January 2, 2009 -- Data Loss, Identity Theft and Credit Card Fraud Links
• October 1, 2008 -- Phishers Target State Department Credit Union

During the trial witnesses for the State of Connecticut testified that evidence showed that Amero had to have purposely clicked on the linked for the porn sites. The defense’s expert was not given the opportunity to testify but it was his theory that the computer was infected with malware from a hair website that caused the porn popups. Both theories were wrong. According to a report released by Alex Eckelberry, et. al., who examined the computer’s hard drive after the conviction, the computer was infected with newdotnet, spyware that was installed one week prior to the instance bundled with a Halloween screensaver.

This conviction was thrown out but this has proven all for naught though as Amero has accepted a plea agreement for her new trial due to health problems related to stress. The plea agreement resulted in a $100 fine and revocation of her teaching credentials. So she is essentially being punished though she is clearly innocent. This case drives home something that is of the utmost importance in cases involving electronic evidence – both the prosecution and the defense must utilize qualified experts do a thorough examination of the evidence. Had the prosecution thoroughly examined the drive in a forensically sound manner, they would have no doubt found exculpatory evidence related to this case. Had the defense thoroughly examined the drive, they would have been able to defend against the prosecution presenting actual evidence instead of theories. The best way to counter electronic evidence is not with testimony, demonstrations and shaky theories but with electronic evidence.

In addition to having qualified computer forensic experts, it’s also important to have counsel that is not only computer-literate but also understands electronic evidence. Such counsel on either side would be able to recognize misleading testimony.

With Jammie Thomas’ copyright infringement case, I originally felt that qualified experts were not used because of cost but in both cases, it seems that the reason was more likely lack of awareness of computer forensic experts. In the case of Julie Amero, help from computer forensic experts was received after the case was already in full swing when it was too late. The experts became involved because of the media coverage of the case. How many other cases are involving electronic evidence are going on that aren’t receiving media coverage?

Not only is it a lack of awareness on the part of people who need computer forensic experts but also we (computer forensic experts) don’t seem to make our existence known. To that end, here are some places to find computer forensic experts. Looking at the websites, some don’t seem to focus on people who need to find an expert. The HTCIA, however, has recently created a Computer Forensic Examiner locator.

• International Society of Forensic Computer Examiners
• International High Technology Crime Investigation Association (members are not allowed to work on criminal defense cases unless approved and on a pro-bono basis)
• SANS Institute – Certified Computer Forensics Analysts
• International Association of Computer Investigative Specialists (members are law enforcement)
• High-Tech Crime Cops (mostly law enforcement)

It is important to note that members of some of these organizations don’t do criminal defense work but that does not mean that they wouldn’t given the right case.  Nevertheless these organizations are a good starting point for looking for qualified computer forensic services.

While I use computer forensics to identify unethical and illegal behavior, I don’t think anyone should be punished due to misinterpretation of evidence or because a thorough examination of that evidence was not done.

Possibly Related Posts:

• January 9, 2009 -- CheckFree: A Case of Phishing, Pharming and Drive-Bys
• October 13, 2007 -- Capitol Records, et. al. v. Jammie Thomas

Because it’s difficult to fully convey this kind of information in 140 characters, I decided to put together a “bibliography”.  These links are divided into general information, data collecting third-parties, merchants, banks and government.

General information

Identity Theft More Often an Inside Job
http://www.securityfocus.com/news/1727

Consumer data protection faces legal, tech hurdles
Experts agree that much work needs to be done by lawmakers and technology providers to foster an online environment in which consumer data is better defended from cyber-crime and misuse
http://www.infoworld.com/article/07/04/18/HNaotasummit_1.html

Survey: Congress falling down on data protection
http://news.cnet.com/Survey-Congress-falling-down-on-data-protection/2100-1029_3-5737983.html

Schwarzenegger vetoes data-breach bill
http://www.securityfocus.com/brief/607

Data collecting third-parties

Advertiser Charged in Massive Database Theft
http://www.securityfocus.com/news/9189

Hacker accesses customer information from database manager Acxiom
http://www.securityfocus.com/news/6665

Federal charge filed against Ohio man accused of hacking Acxiom
http://www.securityfocus.com/news/6733

Burned by ChoicePoint breach, potential ID theft victims face a lifetime of vigilance
http://www.securityfocus.com/news/10552

Merchants

Debit-card fraud underscores legal loopholes (Sam’s Club, OfficeMax)
http://www.securityfocus.com/news/11381

TJX completes Mastercard breach settlement
http://www.securityfocus.com/brief/740

Gov’t charges alleged TJX credit-card thieves
http://www.securityfocus.com/news/11530

Ralph Lauren, HSBC in data breach debacle
http://www.securityfocus.com/news/10921

Two retail breaches threaten consumers
http://www.securityfocus.com/brief/411

TJX breach larger than previously thought
http://www.securityfocus.com/brief/441

Report: TJX thieves exploited wireless insecurities
http://www.securityfocus.com/brief/496

ID Theft Alleged at D.C. Blockbuster
Ex-Worker Accused of Taking Customer Data, Spending $117,000
http://www.washingtonpost.com/wp-dyn/content/article/2005/04/25/AR2005042501411.html

Banks

MasterCard warns of massive credit-card breach
http://www.securityfocus.com/news/11219

MasterCard backs off Security, Leave Cardholders at Risk
http://www.securityfocus.com/archive/107/436227

Lessons learned: The Citibank ATM breach
http://searchfinancialsecurity.techtarget.com/tip/0,289483,sid185_gci1329591,00.html

Citibank debit card fraud highlights ATM vulnerabilities
http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9106958

Citibank security breach: undisclosed *internally*, let alone publicly?
http://www.boingboing.net/2006/03/06/citibank-security-br.html

International Citibank Customers Shaken By Data Breach
http://www.informationweek.com/news/security/cybercrime/showArticle.jhtml?articleID=181502068

Government

TSA loses 100,000 employee records
http://www.securityfocus.com/brief/498

U.S. Government Flunks Computer Security Tests
http://www.securityfocus.com/news/1693

Online attack exposes 197,000 personal records (University of Texas at Austin)
http://www.securityfocus.com/brief/193

Veterans Affairs warns of massive privacy breach
http://www.securityfocus.com/news/11393

Possibly Related Posts:

• January 9, 2009 -- CheckFree: A Case of Phishing, Pharming and Drive-Bys

“11. Making a sammich 12. Ironing my shirt 13. Cooking/Cleaning”

and

“Feminism. lol. Aww that’s precious. Now get me a beer, and while you’re at it get your milkers out..”

While I am appalled at this behavior I am honestly not surprised – especially on Digg.  I’ve noticed on technical sites like CNet and ZDNet as well that any time a post has something to do with women, the rude sexist comments show up.  The funny thing about this is that most of these comments prove the point they are arguing against.  While I won’t say that the entire internet has this attitude there is definitely a common theme.

Since I’m a visual person seeing the following video illustrated this issue for me.  Sony has created a new 3D social gaming community for the Playstation called Home.  It’s very similar to Second Life and currently in open beta.  It appears that whenever a female avatar appears the male avatars mob her – many crowding her space and some asking for sex.  My boyfriend had access to the beta and witnessed this behavior first hand – as a matter of fact, he didn’t want me to go on there to be subjected this behavior myself.  Instead he shared a link this video:

Horny Players in Playstation Home

While this is not actual sexual harassment or sexual assault, there’s definitely something to be said about it.  I’m not a psychologist but I think it could have the a similar effect.  There are after all actual people sitting behind that game controller.  It’s ridiculous that a woman/girl can not go about her merry way exploring the community without this crazy behavior.  (It actually reminds me of a few guys in the computer science program when I was in college and also of the time when I got so many IMs from guys in AOL days that my computer couldn’t handle it and reset.)  The excuse is that guys aren’t used to seeing girls in gaming environments, in tech classes or whatever and that boys will be boys.  None of this is a valid reason for this blatant disrespect of women.

There are some guys who have taken offense to these activities as well an have started reacting to it.  Watch the two videos below:

The Art of the Quincy

Perverts on Home

What these guys are doing may deter some of the behavior but what difference does it make?  There are still guys that think that women are put on this earth for the sole purpose of being their personal enjoyment.  And that is the problem.

Possibly Related Posts:

• April 21, 2009 -- Not a Gamer, But …
• June 7, 2008 -- What America’s Doing Right Now

From what I recall going over the history of computers as a computer science major (seemed every class included history), there are several types of computer – super computers, mainframes, mini computers, workstations, and microcomputers also known as personal computers.  These are not platforms but instead based on scale and usage.  A personal computer (PC) is any computer that is meant to have one user at a time.  Whether the computer is running Microsoft Windows, Mac OS or Linux it is still a personal computer.

What is commonly referred to as PCs now was once called IBM or IBM-compatible computers. I’ve always heard that IBM and Microsoft made decisions that propelled them to have the majority of the personal computing market share and Apple made decisions that caused them not to, even though they had a graphical user interface long before Microsoft even dreamed of having one. It has been generally accepted that Mac had a better product than IBM. I’m not arguing for or against that. What I am disputing is that Mac could be “versus” PC when it is in fact a PC as well.

Did Microsoft claim “PC” as their own? Or did Apple seek to differentiate itself from the Windows-based computers by calling them PCs?  It’s time for some conjecture and unsubstantiated speculation.  What I imagine happened was that Microsoft claimed the term PC (IBM once claimed PC to differentiate itself from other microcomputers).  Microsoft does, after all, have an overwhelming majority of the personal computer operating system market.  Then Apple decided to sell the belief that their product is better than the PC.  I’ll agree that the Mac operating system is better than Windows but that doesn’t mean the hardware is as well.  Apple has to tell us that though because their machines cost twice as much as a comparable Windows-based machine.  And along with this “belief” comes some free advertising from Apple as I notice some people who own Macs are very specific about their computers.  They don’t say “I’m using my laptop” but instead “I’m using my Mac Book Pro.”  Instead of just saying “computer” they say “Mac mini” or “iMac”.

The thing that bothers me about Apple’s commercials as well as Microsoft’s “I’m a PC” commercials is that neither are about the technology itself.  Most consumers (Mac users included) don’t even know anything about the specs of their computers nor what the full capabilities even are.  What these companies are selling is lifestyle.  It’s not about the technology at all – it’s about marketing. If it were about technology, it would be “Mac OS vs. Windows” or “iMac vs. Dell” and so on. If they made it about technology someone might ask why Apple would allow Windows to run on the machines via Boot Camp. That also begs the question of whether Apple will allow folks to run Mac OS on cheaper non-Apple machines which probably won’t happen soon.

Anjuan Simmons, a fellow Twitterer, says this kind of marketing works because humans are tribal by nature. He’s probably right because the Windows vs. Mac argument tends to go the same way as the Republican vs. Democrat, Redskins vs. Cowboys, Coke vs. Pepsi and any number of other heated arguments. I personally don’t understand how so much emotion gets involved in what boils down to personal preference.

Possibly Related Posts:

• December 16, 2008 -- Does the OS Matter?

I’ve had Linux (Fedora) installed on another PC for over three years but never used it for everyday tasks.  What made me go with Ubuntu this time is that, my aunts both are having problems with their older computers and are likely not to buy new computers.  I planned to install Ubuntu on them but wanted to use it myself to see if it was viable for an average computer user and to be able to answer their questions.  I was so pleased with my use of it that I’ve decided to continue using it.  For what most people do with their computers – word processing, spreadsheets, surfing, etc. – Ubuntu is a viable option.  I also decided to install it on my nephew’s laptop as he was also having issues with Windows and I’ve already reinstalled Windows twice for him.

Over Thanksgiving, I installed Ubuntu along with a few other apps onto hard drives (so graciously donated by Phil Shapiro) so that I could just swap the hard drives and go.  For one aunt this didn’t go so well.  I assumed that because Ubuntu ran so well on my old computers that it would run the same way on other old computers.  The mistake I made here was that I forgot that I normally have more memory and a better processor than the average user buys.  The other aunt has Ubuntu running now but her computer is slow as well.  For both aunts, I’m going to give them my old computers to make their experience better.  My nephew on the other hand has a laptop that’s only about two years old.  He’s having no problems whatsoever.  As a matter of fact, I didn’t even have to show him how to use Ubuntu.  He just figured it out.

That’s the real point of this post.  Even though I’m trying to help my aunts, this whole exercise is an experiment. I don’t believe that computers have to be expensive.  I also don’t believe that people should have to purchase a new computer every time Microsoft or whoever updates their operating system.  This current environment makes computer ownership more expensive than it has to be and it also increases the digital divide. Computers that are a few years old can be revived.  And wouldn’t it be great if some of these revived computers ended up in the hands of less fortunate kids whose parents can’t afford to buy the latest Vista or Mac machine?

While this is only an idea that I have at this point, Ken Starks of HeliOS Solutions in Austin, Texas is already doing this.  I stumbled upon this post where he talks about opposition he received from a teacher to distributing Linux.  The part of the teacher’s email that I took issue with most was the following:

I admire your attempts in getting computers in the hands of disadvantaged people but putting linux on these machines is holding our kids back.

This is a world where Windows runs on virtually every computer and putting on a carnival show for an operating system is not helping these children at all. I am sure if you contacted Microsoft, they would be more than happy to supply you with copies of an older verison (sic) of Windows and that way, your computers would actually be of service to those receiving them…”

Oh really?  If we are teaching kids to use computers aren’t the tasks that they are completing more important than navigation in the operating system.  If word processing, spreadsheets, email, and the internet all are the same, what does the OS matter?   If you can use Internet Explorer, don’t you automatically know how to use Firefox?  And if you know how to send email, does it matter that you’re not using Outlook?  My nephew’s laptop came with Windows XP installed and I’m sure that every computer he has ever used has Windows on it.  But he was able to figure out Ubuntu.  Am I doing a disservice to him?  I think not.  If the kid has experience using Linux he’s already ahead of the curve.  Not to mention that Linux will be safer for him in terms of catching nasty viruses and trojans on the internet.

The fact of the matter is that the tasks are what matters in using a computer, not the OS.  The OS’s job is to get the heck out of the way and let users do what they need to do.  It’s true that some operating systems, are better suited for certain tasks (i.e. Macs are better suited for design) but for everyday tasks, it really doesn’t matter.  What matters is that kids get experience using computers and access to the wealth of information available on the internet.

Possibly Related Posts:

• December 22, 2008 -- Mac vs. PC?
• October 15, 2008 -- Feed the Body AND the Mind
• September 5, 2008 -- What Inspires You?

There were a number of demos including the On the Go Demonstration, the Partner Device Demonstration and the XOHM Water Commuter Experience.

On the Go

During the On the Go Demonstration we rode around Baltimore in a party bus downloading lots of content.  The XOHM guy had Men in Black playing along with a video from CNBC while tracking our position on Google Maps.  Three other laptops were all playing video as well.  I personally had five hulu.com videos running at the same time.  The XOHM guy went to speedtest.com while all of this was going on – we were getting 4 Mbps download and 289 Kbps at the time.  We learned that Baltimore has 180 WiMAX cell sites.

Partner Device Demonstration

Next I check out the Partner Device Demonstration.  There were laptops by Lenovo, ASUS and Toshiba that all contained the embedded WiMAX chip. That chip also includes standard WiFi technology.  What caught my attention though was the Nokia N810 WiMAX Enabled Internet Tablet.  I watched a few YouTube videos on it.  It was definitely better watching YouTube videos on my 3G iPod.  How much better is hard to say, however.  I was impressed as the device also allows GoogleTalk video calls.

Water Commuter Experience

Next up was the water taxi demonstration.  We zipped around the Baltimore Harbor on a water taxi while surfing on four laptops.  Again I tried to get as many hulu videos going at the same time but I got distracted trying to figure out the coverage area.  It was definitely neat to be able to use the internet in the middle of water but it made me think of working while commuting on the boat.  On a positive note, I can see folks who live in house boats and boat based businesses now having access to a reliable internet connection.  While on the boat I learned that XOHM’s current coverage area includes a little more than half of Baltimore city’s population of 2 million.

I thoroughly enjoyed the event but I wish I would have been able to play with WiMAX on my own computer to compare to my own personal usage.  XOHM’s WiMAX comes to Washington, DC, and Chicago next but no date was given for the rollouts.

Possibly Related Posts:

• October 8, 2008 -- 4G Coming to Town
• September 5, 2008 -- What Inspires You?

WiMAX (worldwide interoperability for microwave access) refers to a standard designed to provide high-bandwidth wireless services on a metropolitan scale – think public WiFi on steriods.  Reportedly, WiMAX download speeds rival that of a traditional DSL connection.  WiMAX differs from WiFi in that while WiFi tends to work in a radius of about 30 meters, WiMAX’s footprint is 3 kilometers.  What does that mean to you?  Essentially WiMAX can easily blanket an entire city to provide wireless access.  Not only that, the network speeds are not greatly compromised as with WiFi at the outer limits of coverage.

WiMAX technology is not compatible with existing WiFi devices so compatible air cards or modems must be purchased.  If you’re in the market for a new laptop, I hear that Asus and Lenovo are coming out soon with models with built in WiMax cards.

Today is the official launch event for the XOHM service in Baltimore.  If you’re not in Baltimore, XOHM WiMax could be coming to your city soon.  According to XOHM.com, Chicago and Washington, DC are coming soon while Dallas, Fort Worth, Boston, Providence, and Philadelphia are in the works.

More about XOHM:

• XOHM
• Sprint’s Xohm Network Is Dead; Long Live Xohm
• Winner: Sprint’s Broadband Gamble

More about WiMAX:

• WiMAX Forum
• WiMAX and Wi-Fi: Separate and Unequal
• WiMax: Just Another Security Challenge?

Photo credit: rkelland

Possibly Related Posts:

• October 9, 2008 -- WiMAX Launch in Baltimore