Archive for the 'Internet' Category

Spam Equals Murder — An Argument by Arithmetic

Posted in Internet, spam on May 17th, 2007 by Aaron

ZDNet has an article entitled Massive Surge in Spam.

I’ve often made the argument that we hardly take the cost of spam seriously enough. May I suggest that we consider spam as micro-kidnappings or distributed shortening of lifespans. How so?

Let’s say a professional spammer sends out, conservatively, 100 million spams a week (article regarding one spammer allegedly having sent over 2 billion spams) and that each spam requires merely three seconds of human time (Australia’s Internet expert says 5 seconds per ) invested either in

  • hitting a delete button
  • working to purchase anti-spam software
  • configuration and updating of the aforementioned software
  • hiring technical staff at one’s company to address spam or
  • any number of other incidental costs
  • helping non-techie relatives and friends deal with their spam problems
  • venting on a blog about the spam problem

300 million seconds is 5,000,000 minutes or 83,333 hours or 3472 days or 9.5 years of human potential stolen… per week. Allowing one spammer to continue like this for two months would exceed the average lifetime of human potential.

Let’s not even discuss what the billions spent on ameliorating spam could do if available to be used in healthcare, instead.

So, to address this, I’ve created a Spam Is Murder counter: Virtual Human Deaths by One Spammer calculated since the beginning of the 21st Century (that’s 1 January 2001, folks). That’ll appear in the left sidebar for a long time.

Of course, there are other solutions to the problem of spam.

What’s your solution?

Note: The opinions expressed in this article are not shared by the entire staff of TechTalk.


DVD Encryption… Can You Digg It?

Posted in DVD, Internet, Security on May 8th, 2007 by admin

Long before he voiced South Park’s Chef, Isaac Hayes was probably most famous for his theme song to the classic 70’s movie Shaft. Pardon the parody, but the Advanced Access Content System (AACS), the consortium of companies that oversees DVD copy protection, would not like us to sing this tune:

You see this HD DVD encryption shafting is a bad mother–
(Shut your mouth)
But I’m talkin’ about shafting HD DVD encryption
(Then we can digg it)

Go read Social networking gets major challenge at Digg

Oh, and as of today, there are 1.7 million sites that Google sees mentioning 09-f9-11-02-9d-74-e3-5b-d8-41-56-c5-+63-56-88-c0


WordPress Theme Generator

Posted in Internet on April 26th, 2007 by Aaron

I love WordPress. I’ve loved it since it was B2. The new WordPress Theme Generator is just plain great.

The only improvement would be enabling the following configurations:

  1. SIDEBAR-SIDEBAR-BODY
  2. SIDEBAR-BODY-SIDEBAR
  3. BODY-SIDEBAR-SIDEBAR

With header and footer areas above and below, respectively.

h/t: Weblog Tools Collection


Beware of Fake Internet Hotspots

Posted in Internet, Security on March 20th, 2007 by Aaron

This spin on an old tactic brings me back to my college days in the early 1980s, when a common “hack” was to program one of the terminals in the computer room to look like a login screen. One by one, students would walk up, try to log in with their account ID and password and give up after a few tries, going to another open terminal… unaware that they had just entered their account and password into a password stealer.

The Los Angeles Times reports that hackers’ latest tactic for stealing information is setting up fake hotspots that users unwittingly use to access the Internet.

March 16, 2007

As Los Angeles and hundreds of other communities push to turn themselves into massive wireless hotspots, unsuspecting Internet users are stumbling onto hacker turf, giving computer thieves nearly effortless access to their laptops and private information, authorities and high-tech security experts say.

It’s an invasion with a twist: People who think they are signing on to the Internet through a wireless hotspot might actually be connecting to a look-alike network, created by a malicious user who can steal sensitive information, said Geoff Bickers, a special agent for the FBI’s Los Angeles cyber squad.

It is not clear how many people have been victimized, and few suspects have been charged with Wi-Fi hacking. But Bickers said that over the last couple of years, these hacking techniques have become increasingly common, and are often undetectable. The risk is especially high at cafes, hotels and airports, busy places with heavy turnover of laptop users, authorities said.

“Wireless is a convenience, that’s why people use it,” Bickers said. “There’s an axiom in the computer world that convenience is the enemy of security. People don’t use wireless because they want to be secure. They use wireless because it’s easy.”

For Mark Loveless, just one letter separated security from scam.

Logging on to his hotel’s free wireless Internet in San Francisco last month, Loveless had two networks to choose between on his laptop screen — same name, one beginning with a lowercase letter, one with a capital. He chose the latter and, as he had done earlier that day, connected. But this time, a screen popped up asking for his log-in and password.

Loveless, a 46-year-old security analyst from Texas, immediately disconnected. A former hacker, he knew an attack when he saw one, he said.

Most Internet users do not.

About 14.3 million American households use wireless Internet, and this figure is projected to grow to nearly 49 million households by 2010, according to JupiterResearch, which specializes in business and technology market research.

“There’s literally probably millions of laptops in the U.S. that are configured to join networks named Linksys or D-Link when they are available,” said Corey O’Donnell, vice president of marketing for Authentium, a company that provides security software. “So if I’m a hacker, it’s as easy as setting up a network with one of those names and waiting for the fish to come.”

Linksys and D-Link are two of the many commercial brands of wireless routers, products that allow a user to connect to the Internet using radio frequency.

As the field of wireless connectivity expands, so too does a hacker’s playground. More than 300 municipalities across the country are planning or already operating Wi-Fi service.

Los Angeles Mayor Antonio Villaraigosa last month announced plans for citywide Wi-Fi in 2009. USC already offers free wireless, and by the end of March, Los Angeles International Airport will officially offer wireless at all its terminals under a new contract with T-Mobile.

Some airlines already offer Wi-Fi at LAX. “There are no signs for any service at all, so if any passenger is accessing a free wireless service … they should be cautious,” said Nancy Castles, an airport spokeswoman.

A survey at Chicago’s O’Hare Airport by Authentium revealed 76 peer-to-peer networks, or access points that are connected to via another user’s computer, with 27 of them advertising access to free Wi-Fi — a trademarked term for the technical specifications of wireless local area network operation. The company also found that three of the networks had fake or misleading addresses, one sign the hotspots could be hackers.

“At a busy place like O’Hare, in one hour a bad guy could get 20 laptops to connect to his network and steal the users’ account information,” said Ray Dickenson, vice president of product management at Authentium, who conducted the survey last September.

Corporate networks are sometimes the most vulnerable, as employers push for a more mobile workforce without always educating its users on the security risks of wireless Internet.

Many workers rely on corporate firewalls in the office and an automatic default network setting that links them to their corporate networks. Outside the office, the firewall is no longer in place. That means the computer is unprotected. Once hackers have “got a toehold in a network, it’s pretty much game over,” Bickers said.

Most laptops are configured to search for open wireless points and common wireless names, whether or not the user is trying to get online. That leaves people open to hacking.

In two new attacks, called “evil twin” and “man in the middle,” hackers create Wi-Fi access points titled whatever they like, such as “Free Airport Wireless” or an established, commercial name.

In the “evil twin” attack, the user turns on a laptop, which may automatically try to connect. When it does, it is connecting to a fake access point, or “evil twin,” and the hacker gets into personal files, steals passwords or plants a virus.

The hacker can become a “man in the middle” when he funnels the user’s Internet connection through this false access point to a true wireless connection. The unsuspecting Wi-Fi surfer may then proceed to enter credit card information, access e-mail or reveal other sensitive data that can be tracked by the hacker. Meanwhile, the session appears ordinary to the user.

Although the FBI has been aware of this kind of attack for about five years, its use has increased in the last couple of years and is being seen as a “huge threat,” Bickers said.

“The actual tools you need, the software, the hardware, etc., to mount this sort of attack has become insanely easy to acquire,” Bickers said. “You need a laptop, wireless radio and the ability to download a free tool and run it. It literally is child’s play.”

The creation of the access point itself is not generally considered criminal; it’s what happens next — tracking people’s Internet use — that can cross the line.

These hacking techniques are considered to be “tantamount to a computer intrusion and illegal interception of wireless communication that can be prosecuted under federal law,” Bickers said.

But computer evidence and statistics are hard to come by, said Arif Alikhan, a former federal prosecutor and former chief of the cyber and intellectual property crimes section for the U.S. attorney’s office in Los Angeles. People can unwittingly compromise their computers in a multitude of ways, and often there’s no trace.

“You can tell how many burglaries occur because you’re victimized, and someone knows they’re victimized,” Alikhan said. “People don’t always know if someone is using their wireless network, and it’s very difficult to tell unless you trace back every single connection…. It happens more than I think we all realize.”

The U.S. attorney’s office will not comment on pending investigations; however, wireless hacking cases are relatively new, and few if any current cases involve “evil twin” or “man in the middle” attacks, law enforcement authorities said.

“This is a classic case of law and law enforcement being a little behind the technological curve,” Bickers said.

Other types of wireless-related Internet hacking cases have recently popped up across the country.

Nicholas Tombros was found guilty in 2004, under the federal Can-Spam Act, of “war-spamming.” He drove around the Venice Beach area with his laptop and used unprotected wireless access points to send spam. He could receive up to three years in federal prison at his sentencing next month.

He is the only defendant who has been charged in a case involving wireless hacking by the Greater Los Angeles section of the U.S. Department of Justice’s cyber and intellectual property crimes division since it was established in October 2001, according to Assistant U.S. Atty. Wesley L. Hsu, deputy chief of the section.

“They are technically difficult cases…. They’re difficult cases to put together, so law enforcement is having to sort of catch up,” Hsu said.

On Sept. 30, Gov. Arnold Schwarzenegger signed into law the Wi-Fi User Protection Bill, which aims to block unauthorized sharing of open Wi-Fi networks and inform users of the dangers of unsecured networks. Starting in October, warnings and tips will be required on all wireless home-networking equipment sold in California.

The law specifically addresses “piggybacking” — or the use of another person’s wireless network to access the Internet — a problem that security experts say has been a concern for years.

Do you have any Hotspot Horror Stories? Tell us in the comments, below.
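The warning signs described in the article above (two network names that differ only by a capital letter, peer-to-peer networks advertising free Wi-Fi, open networks with factory-default names such as Linksys or D-Link) can be checked against a list of visible networks. This is an added example, not part of the original post or the Los Angeles Times article; the `Network` record, the reason labels and the sample scan are constructed for illustration, and the open-twin check goes beyond what the article describes.

```python
from collections import defaultdict
from dataclasses import dataclass

# Factory-default names taken from the article; extend as needed (assumption).
DEFAULT_SSIDS = {"linksys", "d-link"}

@dataclass(frozen=True)
class Network:
    ssid: str        # advertised network name
    bssid: str       # access point MAC address
    mode: str        # "infrastructure" or "adhoc" (peer-to-peer)
    encrypted: bool  # False for an open network

def fold(ssid: str) -> str:
    """Normalise case and whitespace so near-identical names compare equal."""
    return " ".join(ssid.casefold().split())

def audit(scan):
    """Return sorted (bssid, reason) findings for a list of Network records."""
    findings = set()
    groups = defaultdict(list)
    for net in scan:
        groups[fold(net.ssid)].append(net)
    for key, nets in groups.items():
        # Same name apart from case or spacing: the hotel case in the article.
        if len({n.ssid for n in nets}) > 1:
            findings.update((n.bssid, "lookalike-ssid") for n in nets)
        # An open network sharing its name with an encrypted one.
        mixed = len({n.encrypted for n in nets}) > 1
        for n in nets:
            if mixed and not n.encrypted:
                findings.add((n.bssid, "open-twin-of-encrypted"))
            if n.mode == "adhoc" and "free" in key:
                findings.add((n.bssid, "adhoc-free-wifi"))
            if key in DEFAULT_SSIDS and not n.encrypted:
                findings.add((n.bssid, "open-default-ssid"))
    return sorted(findings)

# Constructed sample scan, not real data.
SAMPLE_SCAN = [
    Network("hotelguest", "02:00:00:00:00:01", "infrastructure", True),
    Network("Hotelguest", "02:00:00:00:00:02", "infrastructure", False),
    Network("Free Airport Wireless", "02:00:00:00:00:03", "adhoc", False),
    Network("linksys", "02:00:00:00:00:04", "infrastructure", False),
    Network("CafeNet", "02:00:00:00:00:05", "infrastructure", True),
]

if __name__ == "__main__":
    for bssid, reason in audit(SAMPLE_SCAN):
        print(bssid, reason)
```

A finding is a reason to verify the network name with the venue before connecting, not proof of an attack.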


Adding Podcasts to Your Website in Ten Minutes or Less

Posted in Business Multimedia, Internet, Marketing on February 8th, 2007 by Aaron

I’m usually on the bleeding edge of technology, but have been a slow adopter of adding audio to websites and blogs I manage. This week, my Logitech 350 headset arrived and in under 45 minutes, I had online audio.

I’m going to explain how you can accomplish the same in one-third the time, assuming you have your own website and can FTP or transfer files to it and that you know how to do that. Oh, and I’m assuming you’re using a PC and not a Mac. Macs come out of the box better at doing multimedia than PCs do. If you’re a Mac guru and aren’t too haughty about it, comment on how you create your podcasts and I’ll gladly link to your site. The program I’m using has both PC and Mac versions.

  • Buy a decent USB headset. Plug it in. As I mentioned above, I got the Logitech 350.
  • Download and install Audacity. Windows has a silly Sound Recorder program that has a 60-second limit. Audacity has tons of bells and whistles that I’ll never need. Don’t get the Beta version unless you’re feeling daring. There is also a version of Audacity for Macs.
  • Download and install the MP3 LAME encoder for Audacity for your PC or Mac. This will add an Export as MP3 command to your Audacity, allowing you to convert big WAV files to smaller MP3 files suitable for websites or copying to your iPod or MP3-ready PDA (I’ve got a Palm Tungsten E).
  • Start Audacity.
    1) Change the audio rate from 44000 to 11500 by pressing the 44000
    2) Press the red record button to start.
    3) Press the square to stop or || to pause.
    4) Press the green arrow to play.
    5) From the File menu, select Export as MP3. The first time you do this, you will be prompted to locate the LAME MP3 encoder wherever you installed it.

Upload it to your site to an easy-to-remember location like www.mysite.com/audio/2007Feb08-YourName-YourTopic.mp3

My habit is to name my files with the date, the speaker and the topic. This makes them easily identifiable at a glance.

COMING SOON: Want good marketing content for your website? From your desk — and without a recording studio — you can record and publish 5-minute audio interviews with your enthusiastic clients on how your company solved their business problems. Oh, and aside from the headset you already bought to do the podcast recording, above… it’s FREE! Look for my next article next week as I focus on inexpensive applied business technology.

Add Techtalk’s RSS feed to your feedreader so you’ll keep abreast of the latest news.


The Day the Internet Went Down… And We Didn’t Notice

Posted in Internet, Security on February 8th, 2007 by Howard

You probably didn’t notice, but the Internet suffered a set of attacks on its infrastructure today stronger than anything seen since 2002.

There are 13 primary “Root” servers that serve as the authoritative domain name to IP address naming devices for the whole Internet. All other Domain Name System (DNS) servers update their mapping tables from these root servers either directly or indirectly through some number of intermediaries. Three of the 13 root servers were pounded Tuesday and temporarily overwhelmed. The attack was focused on boxes serving public domain spaces like .org and the US Department of Defense (apparently .mil but unclear from the wire reports).

The 12-hour attack was reported as a reasonably straightforward denial of service attack, but was remarkable mostly in scope and volume of data slamming down the pipes into three key servers. More on ZD News, the BBC or more interestingly on LittleGreenFootballs where the back and forth comments are much more fun to read.

Here’s the story:

WASHINGTON - Hackers briefly overwhelmed at least three of the 13 computers that help manage global computer traffic Tuesday in one of the most significant attacks against the Internet since 2002.

Experts said the unusually powerful attacks lasted as long as 12 hours but passed largely unnoticed by most computer users, a testament to the resiliency of the Internet. Behind the scenes, computer scientists worldwide raced to cope with enormous volumes of data that threatened to saturate some of the Internet’s most vital pipelines.

The motive for the attacks was unclear, said Duane Wessels, a researcher at the Cooperative Association for Internet Data Analysis at the San Diego Supercomputing Center. “Maybe to show off or just be disruptive; it doesn’t seem to be extortion or anything like that,” Wessels said.

Other experts said the hackers appeared to disguise their origin, but vast amounts of rogue data in the attacks were traced to South Korea.

The attacks appeared to target UltraDNS, the company that operates servers managing traffic for Web sites ending in “org” and some other suffixes, experts said. Officials with NeuStar Inc., which owns UltraDNS, confirmed only that it had observed an unusual increase in traffic.

Among the targeted “root” servers that manage global Internet traffic were ones operated by the Defense Department and the Internet’s primary oversight body.

Check it out, with comments from the forces of truth, goodness and the American way at LittleGreenFootballs.com.

Wikipedia news points to an article DDoSers bombard Military root server (and more) on The Register.
