The peach-faced lovebirds are back in our Phoenix garden

When we moved to Arizona, we were surprised and delighted to see funny little parrots flying around our garden. Turns out that the rosy-faced lovebirds (which used to be called peach-faced lovebirds, but we can’t get used to the new name) are now resident in greater Phoenix.

These delightful birds are natives of Africa but were released into the Arizona desert either intentionally or accidentally. In any case, they are thriving. Says the Wikipedia,

It inhabits dry, open country in southwest Africa. Its range extends from southwest Angola across most of Namibia to the lower Orange River valley in northwest South Africa. It lives up to 1,600 metres above sea-level in broad-leaved woodland, semi-desert, and mountainous areas. It is dependent on the presence of water sources and gathers around pools to drink.

Escapes from captivity are frequent in many parts of the world and feral birds dwell in metropolitan Phoenix, Arizona, where they live in a variety of habitats, both urban and rural. Some dwell in cacti and others have been known to frequent feeders in decent sized flocks.

A 2013 story in the Arizona Republic goes farther about the Agapornis roseicollis:

Troy Corman of the Arizona Field Ornithologists, an organization of birders and professionals dedicated to public knowledge of the state’s avian inhabitants, was unsurprised by my fascination.

“These spunky and noisy, bright-green birds seem to attract a lot of attention,” he said.

Their unpredictable visits to city parks and backyard bird baths are said to be huge hits with residents, but the birds are not common sights. Most people I’ve spoken to immediately knew the birds I was talking about but had seen them just once or twice.

Corman co-wrote his organization’s status report on the lovebirds of Phoenix, explaining that they’ve been on the loose as feral flocks since at least the mid-1980s. Their breeding success here — and only here, among places the birds may have escaped within the United States — apparently owes to the comfortably dry and warm climate, ready availability of water and good supply of foods from native and exotic plants, including palm fruit, cactus fruit, apples and various seed pods, including the paloverde’s.

We had lovebirds in our garden in 2014 and 2015, but didn’t see any last year. However, now we are hosting them again on our feeders. This morning, we had six of those beautiful birds. Yay!

Bring a friend to worship services with you

Judaism is a communal religion. We celebrate together, we mourn together, we worship together, we learn together, and we play together. The sages taught, for example, that you can’t study Torah on your own. We need 10 Jewish adults, a minyan, in order to have a full prayer service. Likewise, while we may observe Shabbat, Hanukkah, and Passover at home, it’s a lot more fulfilling to come together on Friday nights at the sanctuary, at the annual latke fry, or at the community seder.

When we love something, we want to share it. So why not be inspired to bring our Jewish friends into the kehilla kedosha (holy community), embracing them within a wonderful, sacred congregation? You’re not pushing membership on them, but rather inviting them into a loving community where they will be welcomed. Likewise, if they already are affiliated with a synagogue, that’s fine, too. This isn’t a zero-sum game; it’s an opportunity to build connections between and among communities. Our doors are wide enough for everyone who wishes to enter.

In my latest post on the Reform Judaism blog, I suggest five specific ways you can include your friends – from work, your yoga class, the dog park, or wherever you meet them – in synagogue activities.

Congress votes against Internet customer privacy; nothing changes

It’s official: Internet service providers in the United States can continue to sell information about their customers’ Internet usage to marketers — and to anyone else who wants to use it. In 2016, during the Obama administration, the Federal Communications Commission (FCC) tried to require ISPs to get customer permission before using or sharing information about their web browsing. According to the FCC, the rule change, entitled, “Protecting the Privacy of Customers of Broadband and Other Telecommunications Services,” meant:

The rules implement the privacy requirements of Section 222 of the Communications Act for broadband ISPs, giving broadband customers the tools they need to make informed decisions about how their information is used and shared by their ISPs. To provide consumers more control over the use of their personal information, the rules establish a framework of customer consent required for ISPs to use and share their customers’ personal information that is calibrated to the sensitivity of the information. This approach is consistent with other privacy frameworks, including the Federal Trade Commission’s and the Administration’s Consumer Privacy Bill of Rights.

More specifically, the rules required that customers had to positively agree to have their information used in that fashion. Previously, customers had to opt-out. Again, according to the FCC,

Opt-in: ISPs are required to obtain affirmative “opt-in” consent from consumers to use and share sensitive information. The rules specify categories of information that are considered sensitive, which include precise geo-location, financial information, health information, children’s information, social security numbers, web browsing history, app usage history and the content of communications.

Opt-out: ISPs would be allowed to use and share non-sensitive information unless a customer “opts-out.” All other individually identifiable customer information – for example, email address or service tier information – would be considered non-sensitive and the use and sharing of that information would be subject to opt-out consent, consistent with consumer expectations.

Sounds good, but Congress voted in March 2017 to overturn that rule. Read about what happened — and what consumers can do — in my story for Zonic News, “U.S. Internet Service Providers Don’t Need To Protect Customer Privacy.”

Blue passion vines are ready for butterflies and caterpillars

To our delight this morning, our new Blue Passion vines had their first flowers. Passiflora caerulea is an amazing plant. It grows these colorful and complex flowers, which only last about one day, but there’s a long array of buds in various stages of development, so we’ll have blooms nearly every day for months.

The Gulf Fritillary butterfly common here in Phoenix (Agraulis vanillae) lays its eggs on the passion vine. The colorful caterpillars munch on the leaves, and build their chrysalis there, becoming a new butterfly. The lifecycle continues.

We purchased two Blue Passion vines a few years ago. We totally enjoyed their gorgeous flowers, and hundreds of caterpillars and butterflies that created a beautiful ecosystem — every morning we’d go outside and check for new flowers and new caterpillars. Unfortunately both vines died last winter. In early March we purchased three replacements, and the first flowers opened today. The Gulf Fritillary caterpillars (which we nicknamed Fruities) are flitting around it, so I expect we’ll have eggs, and caterpillars, very soon.

Isn’t nature grand?

Top Do’s and Don’ts for creating friendly calendar invites

“Call with Alan.” That’s what the calendar event says, with a bridge line as the meeting location. That’s it. For the individual who sent me that invitation, that’s a meaningful description, I guess. For me… worthless! This meeting was apparently sent out (and I agreed to attend) at least three weeks ago. I have no recollection about what this meeting is about. Well, it’ll be an adventure! (Also: If I had to cancel or reschedule, I wouldn’t even know who to contact.)

When I send out calendar invites, I try hard to make the event name descriptive to everyone, not just me. Like “ClientCorp and Camden call re keynote topics” or “Suzie Q and Alan Z — XYZ donations.” Something! Give a hint, at least! After all, people who receive invitations can’t edit the names to make them more meaningful.

And then there’s time-zone ambiguity. Some calendar programs (like Google Calendar) do a good job of tracking the event’s time zone, and mapping it to mine. Others, and I’m thinking of Outlook 365, do a terrible job there, and make it difficult to specify the event in a different time zone.

For example, I’m in Phoenix, and often set up calls with clients on the East Coast or in the U.K. As a courtesy, I like to set up meetings using the client’s time zone. Easy when I use Google Calendar to set up the event. Not easy in Outlook 365, which I must use for some projects.

Similarly, some calendar programs do a good job mapping the event to each recipient’s time zone. Others don’t. The standards are crappy, and the implementations of the standards are worse.

There’s more than the bad time-zone mappings. Each Web-based, mobile, and desktop calendar app, even those that claim to conform to standards, has its own quirks, proprietary features, and incompatibilities. For example, repeating events aren’t handled consistently from calendar program to calendar program. It’s a real mess.

Here are a few simple do’s and don’ts for event creators. Or rather, don’ts and do’s.

  • DON’T just put the name of the person you are meeting with in the event name.
  • DO put your name and organization too, and include your contact information (phone, email, whatever) in the calendar invite itself. Having just a conference bridge or location of the coffee shop won’t do someone any good if they need to reach you before the meeting.
  • DON’T assume that everyone will remember what the meeting is about.
  • DO put the purpose of the meeting into the event title.
  • DON’T think that everyone’s calendar software works like yours or has the same features, vis-à-vis time zones, attachments, comments, and so-on.
  • DO consider putting the meeting time and time zone into the event name. It’s something I don’t do, but I have friends who do, like “ClientCorp and Camden call re keynote topics — 3pm Pacific.” Hmm, maybe I should do that?
  • DON’T expect that if you change the event time on your end, that change will percolate to all recipients. Again, this can be software-specific.
  • DO cancel the event if it’s necessary to reschedule, and set up a new one. Also send an email to all participants explaining what happened. I dislike getting calendar emails saying the meeting date/time has been changed — with no explanation.
  • DON’T assume that people will be able to process your software’s calendar invitations. Different calendar programs don’t play well with each other.
  • DO send a separate email with all the details, including the event name, start time, time zone, and list of participants, in addition to the calendar invite. Include the meeting location, or conference-call dial-in codes, in that email.
  • DON’T trust that everyone will use the “accept” button to indicate that they are attending. Most will not.
  • DO follow up with people who don’t “accept” to ask if they are coming.
  • DON’T assume that just because it’s on their calendar, people will remember to show up. I had one guy miss an early-morning call he “accepted” because it was early and he hadn’t checked his calendar yet. D’oh!
  • DO send a meeting confirmation email, one day before, if the event was scheduled more than a week in advance.

Have more do’s and don’ts? Please add them using the comments.

New phishing scam referencing a company called FrontStream

We received this realistic-looking email today claiming to be from a payment company called FrontStream. If you click the links, it tries to get you to activate an account and provide bank details. However… We never requested an account from this company. Therefore, we label it phishing — and an attempt to defraud.

If you receive a message like this, delete it. Don’t click any of the links, and don’t reply to it either. You’ve been warned.

From: billing [email address at frontstream.com]
Sent: Wed, Mar 22, 2017 10:34 am
Subject: New Account Ready for Activation

Dear [redacted],

Your account is now available at our FrontStream Invoicing Website for you to view your existing outstanding invoices and make payment. You can directly activate your account here:

[link redacted]

Or you can go to the FrontStream Invoicing website [link redacted], select ‘REGISTER’ option and go through the activation process. Below is your detailed account information from our record. They’re required in order to complete your account activation.

Customer Number: [redacted]

Phone Number: [redacted]

Activation Code: [redacted]

Sincerely,

Accounts Receivable

UPDATE MARCH 22

I tweeted about this blog post, and @FrontStream replied:

@zeichick Sorry for the confusion! The email was sent in error from our customer invoicing system. We’ll be following up with more details.

Given that we aren’t a FrontStream customer, this is peculiar. Will update again if there are more details.

UPDATE MARCH 27

Nothing more from FrontStream.

New ban on flying with a laptop or tablet means the terrorists win

The U.S. and U.K. are banning larger electronic items, like tablets, notebooks and DSLRs, from being carried onboard flights from a small number of countries. If that ban spreads to include more international or even domestic flights, this will result in several nasty consequences:

1. Business travelers may be unable to bring computers on trips at all. Some airlines ban checking luggage with lithium ion batteries into the cargo hold. Nearly all of these devices use LIB. If you can’t carry them onboard, and you can’t check them, they must stay home, or be overnighted to the destination. Shipping those devices may work for some people, but it’s a sucky solution.

2. Even if you can check them, there may be a surge of thefts of these costly electronic goodies from checked baggage. I always carry my expensive pro-grade DSLR and lenses onboard, and never check them. Why? I’m worried about theft and about breakage — that stuff is fragile. If I had to check my camera gear, they’d stay home. Same with my notebook and tablets. There is too much opportunity for stuff to disappear, especially when anyone can easily obtain a universal key for those silly TSA locks. Yes, a family member lost a DSLR from checked luggage.

3. This messes up the plans of airlines who are moving to a BYOD-centric entertainment model. Forget the drop-down TV screens playing one movie. Forget the individual seat-back TV screens offering a choice of movies, TV shows and video games. Airlines are saving money, saving weight, and making customers happy by ditching the electronics and using onboard WiFi to stream entertainment to the passengers’ phone, tablet or laptop. (And they get to charge for air-to-ground WiFi.) According to the Economist, 90% of passengers bring a suitable device. Everyone wins, unless devices are banned. No tablets? No laptops? No onboard entertainment.

The answer to terrorist threats isn’t security theater. Address the risks in an intelligent way, yes. Institute stupid rules that affect all travelers, no. One guy tries to light his shoe on fire, and now you have to take off your shoes to go through airport screening. And now there’s a “threat” and so here’s a new limitation on people making international flights.

That’s how the terrorists win and win and win.

Having fun with a vintage HP-28S calculator

Today’s calculation device is this lovely vintage HP-28S “advanced scientific” calculator from the late 1980s.

As a working calculator, it’s not my favorite. HP gets points for creativity, but the clamshell design makes for an awkward user experience. I’m finding it frustrating to use because each line on the display is hard to read, there are too many keys, and the visual cues are subtle. It is also hard to pry the clamshell open.

The keys do have a nice clickiness to them. If you are doing basic math, you can fold the alphanumeric left part of the clamshell behind the right part.

Functionally, the HP-28 series is also innovative, as it’s where HP first exposed RPL to the user. RPL is Reverse Polish Lisp, a next-generation RPN, or Reverse Polish Notation, designed to handle complex algebraic expressions.

Were I doing that sort of equation-solving or scientific work this afternoon, the HP-28S would be ideal. Today’s project, though, is simple arithmetic related to tracking video editing timings. (Last time I did this, I used an HP-32S II, which has a simpler interface and much larger numbers on the one-line display.)

While I don’t use it often, the HP-28S is a prized member of my extensive collection of vintage calculators. My goal is to keep using all the devices (well, at least, the ones that still function) because it’s more fun than simply looking at them.

The Russians are hacking! One if by phishing, two if by Twitter

Was the Russian government behind the 2004 theft of data on about 500 million Yahoo subscribers? The U.S. Justice Department thinks so: It accused two Russian intelligence officers of directing the hacking efforts, and also named two hackers as being part of the conspiracy to steal the data.

According to Mary B. McCord, Acting Assistant Attorney General,

The defendants include two officers of the Russian Federal Security Service (FSB), an intelligence and law enforcement agency of the Russian Federation and two criminal hackers with whom they conspired to accomplish these intrusions. Dmitry Dokuchaev and Igor Sushchin, both FSB officers, protected, directed, facilitated and paid criminal hackers to collect information through computer intrusions in the United States and elsewhere.

Ms. McCord added that the scheme targeted Yahoo accounts of Russian and U.S. government officials, including security staff, diplomats and military personnel. “They also targeted Russian journalists; numerous employees of other providers whose networks the conspirators sought to exploit; and employees of financial services and other commercial entities,” she said.

From a technological perspective, the hackers first broke into computers of American companies providing email and internet-related services. From there, they harvested information, including information about individual users and the private contents of their accounts.

The harm? The hackers, explained Ms. McCord, were hired to gather information for the FSB officers — classic espionage. However, they quietly went farther to steal financial information, such as gift card and credit card numbers, from users’ email accounts — and also use millions of stolen Yahoo accounts to set up an email spam scheme.

You can read more about this — and also about Twitter hacking in the escalating war-of-words between Turkey and the Netherlands. See my post for Zonic News, “State-Sponsored Hacking? Activists Who Support A Cause? Both? Neither?”

Exciting News: BZ Media sells InterDrone to Emerald Expositions

As many of you know, I am co-founder and part owner of BZ Media LLC. Yes, I’m the “Z” of BZ Media. Here is exciting news released today about one of our flagship events, InterDrone.

MELVILLE, N.Y., March 13, 2017 BZ Media LLC announced today that InterDrone™ The International Drone Conference & Exposition has been acquired by Emerald Expositions LLC, the largest producer of trade shows in North America. InterDrone 2016 drew 3,518 attendees from 54 different countries on 6 continents and the event featured 155 exhibitors and sponsors. The 2017 event will be managed and produced by BZ Media on behalf of Emerald.

Emerald Expositions is the largest operator of business-to-business trade shows in the United States, with their oldest trade shows dating back over 110 years. They currently operate more than 50 trade shows, including 31 of the top 250 trade shows in the country as ranked by TSNN, as well as numerous other events. Emerald events connect over 500,000 global attendees and exhibitors and occupy over 6.7 million NSF of exhibition space.

“We are very proud of InterDrone and how it has emerged so quickly to be the industry leading event for commercial UAV applications in North America,” said Ted Bahr, President of BZ Media. “We decided that to take the event to the next level required a company of scale and expertise like Emerald Expositions. We look forward to supporting Emerald through the 2017 and 2018 shows and working together to accelerate the show’s growth under their ownership over the coming years.”

InterDrone was just named to the Trade Show Executive magazine list of fastest growing shows in 2016 and was one of only 14 shows in the country that was named in each of the three categories; fastest growth in exhibit space, growth in number of exhibitors and in attendance. InterDrone was the only drone show named to the list.

InterDrone 2017 will take place September 6–8, 2017, at the Rio Hotel & Casino in Las Vegas, NV, and, in addition to a large exhibition floor, features three subconferences for attendees, making InterDrone the go-to destination for UAV educational content in North America. More than 120 classes, panels and keynotes are presented under Drone TechCon (for drone builders, engineers, OEMs and developers), Drone Enterprise (for enterprise UAV pilots, operators and drone service businesses) and Drone Cinema (for pilots engaged in aerial photography and videography).

“Congratulations to Ted Bahr and his team at BZ Media for successfully identifying this market opportunity and building a strong event that provides a platform for commercial interaction and education to this burgeoning industry”, said David Loechner, President and CEO of Emerald Expositions. “We have seen first-hand the emerging interest in drones in our two professional photography shows, and we are excited at the prospect of leveraging our scale, experience and expertise in trade shows and conferences to deliver even greater benefits to attendees, sponsors, exhibitors at InterDrone and to the entire UAV industry.”

Happy encouragement from my smartwatch

“You walked 713 steps today. Good news is the sky’s the limit!”

Thank you, Pebble, for that encouragement yesterday.

The problem with fitness apps in smartwatches is that you have to wear the watch for them to work. When I am at home, I never wear a watch. Since I work from home, that means that I usually don’t have a watch on my wrist. And when I go out, sometimes I wear the Pebble, sometimes something else. For a recent three-day weekend trip away with my wife, for example, I carried the pocket watch she bought me for our 15th anniversary. So, it’s hard for the Pebble app to get an accurate read on my activity.

Yesterday, I only wore this watch for a brief period of time. The day before, not at all. That’s why Pebble thought that 713 steps was a great accomplishment.

(Too bad Pebble is out of business. I like this watch.)

Chicken sandwich at 12 o’clock high!

If Amazon can deliver packages by drone, then fast-food restaurants like Chick-Fil-A can air-lift chicken sandwiches via hot-air balloon. Right? At least, that’s the best explanation for this sighting in my Phoenix neighborhood.

Of course, what I really want is a Dunkin’ Donuts food truck going up my street. Like the old-fashioned ice cream vans. Though drones would be okay too. I’m not picky.

Don’t trust Facebook to keep your secrets

Nothing you share on the Internet is guaranteed to be private to you and your intended recipient(s). Not on Twitter, not on Facebook, not on Google+, not using Slack or HipChat or WhatsApp, not in closed social-media groups, not via password-protected blogs, not via text message, not via email.

Yes, there are “privacy settings” on FB and other social media tools, but those are imperfect at best. You should not trust Facebook to keep your secrets.

If you put posts or photos onto the Internet, they are not yours to control any more. Accept that they can be appropriated and redistributed by others. How? Many ways, including:

  • Your emails and texts can be forwarded
  • Your Facebook and Twitter posts and direct-messages can be screen-captured
  • Your photos can be downloaded and then uploaded by someone else

Once the genie is out of the bottle, it’s gone forever. Poof! So if there’s something you definitely don’t want to become public, don’t put it on the Internet.

(I wrote this after seeing a dear friend angered that photos of her little children, which she shared with her friends on Facebook, had been re-posted by a troll.)

A hit-and-run accident — literally

It was our first-ever perp walk! My wife and I were on the way home from a quick grocery errand, and we were witnesses to and first responders to a nasty car crash. A car ran a red light and hit a turning vehicle head-on.

As we pulled over to see if there were injuries, the young driver and passenger in the red-light runner got out of their vehicle… grabbed their backpacks… and ran. I got out of our car and shouted at the kids to come back, and also managed to snap some quick cell-phone pictures.

We stayed behind at the accident scene to check out the victim (a nice but shaken woman). We also waited with her until the fire and then police arrived.

Other witnesses followed the perps, who ran into a supermarket and hid in the bathroom, and they called 9-1-1 about it. A few minutes later we learned “They got them!” — and the police officer at the accident scene asked us to drive to the supermarket parking lot and see if we could identify the runners.

So: I sat in the back of a car, and my wife hid behind a tree. The perps were taken one-at-a-time out of a patrol car to see if we could recognize them. The police were very careful to make sure the kids didn’t see us. They were indeed the runners — we could easily confirm that, and they clearly matched the photos on my phone.

After the ID, the police sent us home, with thanks. We’d like to commend Phoenix police and fire for their professionalism.

What a day, and what an adventure. While we hope that the kids had insurance (the woman’s car was totaled), we are especially grateful that nobody was injured, and that justice will be done.

And, I guess, once a first responder, always a first responder.

Hello, Hibiscus! One of our favorite flowers

This plant in our garden keeps blooming and blooming. What’s funny is that sometimes the flowers are yellow, and sometimes they are orange, like this one.

Goodbye, Pebble – It’s a real loss to smart watches

I was dismayed this morning to find an email from Pebble — the smart watch folks — essentially announcing their demise. The company is no longer a viable concern, says the message, and the assets of the company are being sold to Fitbit. Some of Pebble’s staff will go to Fitbit as well.

This is a real loss. The Pebble is an excellent watch. I purchased the original monochrome-screen model by signing onto their Kickstarter campaign, back in April 2012, for an investment of $125.

The Kickstarter watch’s screen became a little flakey after a few years. I purchased the Pebble Time – a much-improved color version – in May 2016, for the odd price of $121.94 through Amazon. You can see the original Pebble, with a dead battery, on the left, and the Pebble Time on the right. The watchface I’ve chosen isn’t colorful, so you can’t see that attribute.

I truly adore the Pebble Time. Why?

  • The battery life is a full week; I don’t travel with a charging cable unless it’s a long trip.
  • The watch does everything I want: The watch face I’ve chosen can be read quickly, and is always on.
  • The watch lets me know about incoming text messages. I can answer phone calls in the car (using speakerphone) by pressing a button on the watch.
  • Also in the car I can control my phone’s music playback from the watch.
  • It was inexpensive enough that if it gets lost, damaged or stolen, no big deal.

While I love the concept of the Apple Watch, it’s too complicated. The battery life is far too short. And I don’t need the extra functions. The Pebble Time is (or rather was) far less expensive.

Fortunately, my Pebble Time should keep running for a long, long time. Don’t know what will replace it, when the time comes. Hopefully something with at least a week of battery life.

Here’s the statement from Pebble:

Pebble is joining Fitbit

Fitbit has agreed to acquire key Pebble assets. Due to various factors, Pebble can no longer operate as an independent entity, and we have made the tough decision to shut down the company. The deal finalized today preserves as much of Pebble as possible.

Pebble is ceasing all hardware operations. We are no longer manufacturing, promoting, or selling any new products. Active Pebble models in the wild will continue to work.

Making Awesome Happen will live on at Fitbit. Much of our team and resources will join Fitbit to deliver new “moments of awesome” in future Fitbit products, developer tools, and experiences. As our transition progresses, we’ll have exciting new stories to tell and milestones to celebrate.

It’s no doubt a bittersweet time. We’ll miss what we’re leaving behind, but are excited for what the future holds. It will be important for Pebblers to extend a warm welcome to Fitbit—as fans and customers—sharing what they love about Pebble and what they’d like to see next.

Bald eagle at Canyon Lake, Arizona

What an amazing sight! We visited Canyon Lake, Arizona — a short drive from our home in Phoenix — and were rewarded with a close-up of this bald eagle. The bird seems to have caught prey; we believe it was a smaller bird, since we could see feathers flying.

These were shot using a Canon EOS 5D Mark III, with a Canon 70-200mm f/2.8 IS lens. This made me wish I’d brought the big Sigma 150-600mm to get more pixels on the bird. Next time!!


 

 

 

May you be blessed

Today’s beautiful cactus flowers will be gone tomorrow.

So much of our world’s wonders are ephemeral. Blink and you’ll miss the rainbow. A hug lasts mere seconds. A smile is fleeting. Shapes in the clouds constantly change.

Take a moment to enjoy life. Stop and smell the roses, watch the butterflies dance, take delight in the people around you, the shadows on the wall, the waves in the ocean. These precious moments, these everyday miracles, shall never come again.

G’mar chatima tova. May you be blessed with health, peace, joy, love, and delight.

Spammers really want to give me a BMW, but aren’t sure of the year or model

Mrs. Rachael Adams is back, and still wants to give me a fine Bavarian automobile. But is it a 7-series or a 5-series? Is it a 2015 or 2016 model? Doesn’t matter – it’s a scam. Just like the one a few weeks ago, also from Mrs. Adams, but at least that one was clearer about the vehicle. Hey, it’s the same reg code pin as last time, too. See “A free BMW 7-Series car – and a check for $1.5 million!”

All these “you are a winner” lottery emails are scams. Don’t reply to them, simply delete them.

From: Mrs. Rachael Adams

Subject: BMW LOTTERY PROMOTIONS.

BMW LOTTERY DEPARTMENT
5070 WILSHIRE BLVD
LOS ANGELES. CA 90036
UNITED STATES OF AMERICA.

NOTE: If you received this message in your SPAM/BULK folder, that is because of the restrictions implemented by your Internet Service Provider, we (BMW) urge you to treat it genuinely.

Dear Winner,

This is to inform you that you have been selected for a prize of a brand new 2015/2016 Model BMW 7 Series Car and a Check of $1,500,000.00 USD from the international balloting programs held on the 2nd section in the UNITED STATE OF AMERICA.

Description of prize vehicle;

Model: 530iA Color (exterior): Metallic Silver Mileage: 5 Transmission: Automatic 6 Speed

Options: Cold weather package, premium package, fold down rear seats w/ski bag, am fm stereo with single in dash compact disc player.

The selection process was carried out through random selection in our computerized email selection system (ESS) from a database of over 250,000 email addresses drawn from all the continents of the world which you were selected.

The BMW Lottery is approved by the British Gaming Board and also Licensed by the International Association of Gaming Regulators (IAGR). To begin the processing of your prize you are to contact our fiduciary claims department for more information as regards procedures to the claim of your prize.

Name: Mr. David Mark
Email: [redacted]
Direct 24hours Security Line: [redacted] (Text Message Only)

Contact him by providing him with your Reg. pin code Number

255125HGDY03/23.

You are also advised to provide him with the under listed information as soon as possible:

  1. Name In Full :
  2. Residential Address :
  3. Nationality :
  4. Age :
  5. Sex
  6. Occupation :
  7. Direct Phone :
  8. Present Country :
  9. Email address :
  10. Reg pin code Number: 255125HGDY03/23

Please you are to provide him with the above listed details as soon as possible so he can begin with the processing of your prize winnings.

Congratulations from all our staffs and thank you for being part of our promotional program.

Mrs. Rachael Adams.

FROM THE DESK OF RACHAEL ADAMS,
THE DIRECTOR PROMOTIONS
BMW LOTTERY DEPARTMENT
UNITED STATES OF AMERICA


Though this Medium: using of Internet has been greatly Abused, says scammer

Spam scam: Who needs stand-up comedians when laughs appear in my inbox each and every day? This is one of the most amusing in a while, mainly because I can’t parse most of it.

Don’t reply to messages like this. Delete them right away.

From: Mr. Henry Addo

Subject: I NEED YOUR URGENT RESPONSE

My Good Friend,

Mr. name is My Henry Addo, the AM I ares ares Newly Promoted Branch Manager of Bank here in Ghana, West Africa, not quite I and Feel Safe discussing this with you through this Internet Business method, why is The Very Important Important Because this Transaction and the Business Must Confidential treated be. Though this Medium: using of Internet has been greatly Abused, I Still the Choose to you through the REACH IT Because IT Still Remains The Fastest Medium of Communication, during the Information I obtained the Your My search through The Internet.

May the Interest to you that I Hear IT the AM ares man of PEACE and do not Want the Problems, I Hope we only Each Call Assist for the CAN OTHER. The If you do not Want this Offer Kindly forget the Business IT, the AS the Contact you I will not again.

I have packaged a financial transaction that will benefit both of us, as the Branch Manager of the Bank, it is my duty to send in a Financial Report to my head office in the capital city Accra at the end of each year.

In the course of the last year 2015 end of the year report, I discovered that my branch in which I am the Manager made excess profit of Seven Million five Hundred Thousand Dollars [US $ 7,500,000.00] which my head office are not aware of and will be aware of Never Registered. I have Placed Since this Fund in ares SUNDRY ACCOUNT.

As an officer of the bank I can not be directly linked to this money, so this informed my contacting you for us to work together so that you can assist me and receive this fund into your bank account in your country for us to SHARE.

I am offering you 40% of the total fund, while you keep 60% for me in your bank account till I join you in your country for the sharing / investment of my own share of the funds or better still we can go into a joint partnership venture, I will appreciate it very much.

The Request for Your Honesty and Optimum immensely I Cooperation and Let Me Know Your Mind on this, the AS and the Please do treat this the Information Top Secret the AS the CAN I not afford to My Ñlose the Job with The Bank. We Shall Go over a once The details I The Receive your urgent response.

Thanks for your understanding, i will be waiting for your response

Sincerely,

Mr. Henry Addo.


With Big Data, Facebook knows you by the company you keep

As Aesop wrote in his short fable, “The Donkey and His Purchaser,” you can quite accurately judge people by the company they keep.

I am “very liberal,” believes Facebook. If you know me, you are probably not surprised by that. However, I was: I usually think of myself as a small-l libertarian who caucuses with the Democrats on social issues. But Facebook, by looking at what I write, who I follow, and which pages I like, probably has a more accurate assessment.

The spark for this particular revelation is “Liberal, Moderate or Conservative? See How Facebook Labels You.” The article, by Jeremy Merrill, in today’s New York Times, explains how to see how Facebook categorizes you (presumably this is most appropriate for U.S. residents):

Try this (it works best on your desktop computer):

Go to facebook.com/ads/preferences on your browser. (You may have to log in to Facebook first.)

That will bring you to a page featuring your ad preferences. Under the “Interests” header, click the “Lifestyle and Culture” tab.

Then look for a box titled “US Politics.” In parentheses, it will describe how Facebook has categorized you, such as liberal, moderate or conservative.

(If the “US Politics” box does not show up, click the “See more” button under the grid of boxes.)

Part of the power of Big Data is that it can draw correlations based on vague inferences. So, yes, if you like Donald Trump’s page, but don’t like Hillary Clinton’s, you are probably conservative. What if you don’t follow either candidate? Jeremy writes,

Even if you do not like any candidates’ pages, if most of the people who like the same pages that you do — such as Ben and Jerry’s ice cream — identify as liberal, then Facebook might classify you as one, too.

This is about more than Facebook or political preferences. It’s how Big Data works in lots of instances where there is not only information about a particular person’s preference and actions, but a web of connections to other people and their preferences and actions. It’s certainly true about any social network where it’s easy to determine who you follow, and who follows you.

If most of your friends are Jewish, or Atheist, or Catholic, or Hindu, perhaps you are too, or have interests similar to theirs. If most of your friends are African-American or Italian-American, or simply Italian, perhaps you are too, or have interests similar to theirs. If many of your friends are seriously into car racing, book clubs, gardening, Game of Thrones, cruise ship vacations, or Elvis Presley, perhaps you are too.

Here is that Aesop fable, by the way:

The Donkey and his Purchaser

A man who wanted to buy a donkey went to market, and, coming across a likely-looking beast, arranged with the owner that he should be allowed to take him home on trial to see what he was like.

When he reached home, he put him into his stable along with the other donkeys. The newcomer took a look round, and immediately went and chose a place next to the laziest and greediest beast in the stable. When the master saw this he put a halter on him at once, and led him off and handed him over to his owner again.

The latter was a good deal surprised to see him back so soon, and said, “Why, do you mean to say you have tested him already?”

“I don’t want to put him through any more tests,” replied the other. “I could see what sort of beast he is from the companion he chose for himself.”

Moral: “A man is known by the company he keeps.”


When meeting to exchange goods bought online, be safe and careful

Nothing is scarier than getting together with a buyer (or a seller) to exchange dollars for a product advertised on Craigslist, eBay or another online service… and then being mugged or robbed. There are certainly plenty of news stories on this subject, but the danger continues. Here are some recent reports:

Don’t be a victim! The Phoenix Police Department has released an advisory. It’s good advice. Follow it.

Phoenix Police Media Advisory:

Internet Exchange Related Crimes

The Phoenix Police Department has recently experienced reported crimes specific to the usage of internet exchange sites that allow sellers to advertise items for sale and then interact with buyers. Subsequent to the online interaction, the two parties usually meet and exchange money for goods in a private party transaction at an agreed-upon location. However, due to circumstances surrounding the nature of these interactions, many criminals are using them for their own purposes.

Specifically, the Phoenix Police Department has seen an increase in robberies of one of the involved parties by the other party during these exchanges. However, crimes as serious as homicide and kidnapping have been linked to these transactions. Although no strategy is 100% effective when trying to be safe, there are a number of steps one can take to ensure the transaction is done under the safest possible circumstances. The department is urging those involved in these private, internet-based sales transactions to consider the following while finalizing the deal and making safety their primary consideration:

  • If the deal seems too good to be true, it probably is.
  • The location of the exchange should be somewhere in public that has many people around like a mall, a well-traveled parking lot, or a public area. Do not agree to meet at someone’s house, a secluded place, a vacant house, or the like.
  • Try to schedule the transaction while it is still daylight, or at least in a place that is very well lit.
  • Ask why the person is selling the item and what type of payment they will accept. Be wary of agreeing to a cash payment and then travelling to the deal with a large sum of cash.
  • Bring a friend with you to the meet and let someone who isn’t going with you know where you are going and when you can be expected back.
  • Know the fair market value of the item you are purchasing.
  • Trust your instinct! If something seems suspicious, or you get a bad feeling, pass on the deal!

Other good advice that I’ve seen:

  • Never agree to meet in a second place, when you show up at the agreed-upon place and receive a text message redirecting you somewhere else.
  • Never give the other party your home address. If you must do so (because they are picking up a large item from your house), bring the item outside; don’t let them into your house. Inform your neighbors what’s going on.
  • Call your local police department and ask if they can recommend an Internet Purchase Exchange Location, also known as a Safe Exchange Zone.

Be careful out there, my friends.


Securely disposing of computers with spinning or solid state drives

Can someone steal the data off your old computer? The short answer is yes. A determined criminal can grab the bits, including documents, images, spreadsheets, and even passwords.

If you donate, sell or recycle a computer, whoever gets hold of it can recover the information in its hard drive or solid-state storage (SSD). The platform doesn’t matter: Whether it’s Windows or Linux or Mac OS, you can’t 100% eliminate sensitive data by, say, eliminating user accounts or erasing files!

You can make the job harder by using the computer’s disk utilities to format the hard drive. Be aware, however, that formatting will thwart a casual thief, but not a determined hacker.

The only truly safe way to destroy the data is to physically destroy the storage media. For years, businesses have physically removed and destroyed the hard drives in desktops, servers and laptops. It used to be easy to remove the hard drive: take out a couple of screws, pop open a cover, unplug a cable, and lift the drive right out.

Once the hard drive is identified and removed, you can smash it with a hammer, drill holes in it, even take it apart (which is fun, albeit time-consuming). Some businesses will put the hard drive into an industrial shredder, which is a scaled-up version of an office paper shredder. Some also use magnetism to attempt to destroy the data. Not sure how effective that is, however, and magnets won’t work at all on SSDs.

It’s much harder to remove the storage from today’s ultra-thin, tightly sealed notebooks, such as a Microsoft Surface or Apple MacBook Air, or even from tablets. What if you want to destroy the storage in order to prevent hackers from gaining access? It’s a real challenge.

If you have access to an industrial shredder, an option is to shred the entire computer. It seems wasteful, and I can imagine that it’s not good to shred lithium-ion batteries – many of which are not easily removable, again, as in the Microsoft Surface or Apple MacBook Air. You don’t want those chemicals lying around. Still, that works, and works well.

Note that an industrial shredder is kinda big and expensive – you can see some from SSL World. However, if you live in any sort of medium-sized or larger urban area, you can probably find a shredding service that will destroy the computer right in front of you. I’ve found one such service here in Phoenix, Assured Document Destruction Inc., that claims to be compliant with industry regulations for privacy, such as HIPAA and Sarbanes-Oxley.

Don’t want to shred the whole computer? Let’s say the computer uses a standard hard drive, usually in a 3.5-inch form factor (desktops and servers) or 2.5-inch form factor (notebooks). If you have a set of small screwdrivers, you should be able to dismantle the computer, remove the storage device, and kill it – such as by smashing it with a maul, drilling holes in it, or taking it completely apart. Note that driving over it in your car, while satisfying, may not cause significant damage.

What about solid state storage? The same actually applies with SSDs, but it’s a bit trickier. Sometimes the drive still looks like a standard 2.5-inch hard drive. But sometimes the “solid state drive” is merely a few exposed chips on the motherboard or a smaller circuit board. You’ve got to smash that sucker. Remove it from the computer. Hulk Smash! Break up the circuit board, pulverize the chips. Only then will it be dead dead dead. (Though one could argue that government agencies like the NSA could still put Humpty Dumpty back together again.)

In short: Even if the computer itself seems totally worthless, its storage can be removed, connected to a working computer, and accessed by a skilled techie. If you want to ensure that your data remains private, you must destroy it.
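To make the point about erasing files and formatting concrete, here is an added example (not part of the original post) of a pre-disposal check that scans a raw disk image for non-blank sectors and well-known file headers. The sample image, the `quick_format` simplification (only the metadata area is rewritten) and all function names are constructed for illustration.

```python
"""Pre-disposal check: does a raw disk image still hold recoverable data?"""

SECTOR = 512

# Well-known file-format magic numbers that data-recovery tools search for.
SIGNATURES = {
    "jpeg": b"\xff\xd8\xff",
    "png": b"\x89PNG\r\n\x1a\n",
    "pdf": b"%PDF-",
    "zip/docx/xlsx": b"PK\x03\x04",
}


def find_all(haystack: bytes, needle: bytes) -> list:
    """Return every byte offset at which needle occurs."""
    offsets, pos = [], haystack.find(needle)
    while pos != -1:
        offsets.append(pos)
        pos = haystack.find(needle, pos + 1)
    return offsets


def residual_data_report(image: bytes) -> dict:
    """Count sectors that are not blank and locate known file headers."""
    nonblank = 0
    for start in range(0, len(image), SECTOR):
        sector = image[start:start + SECTOR]
        # A sector counts as blank when it is all 0x00 or all 0xFF.
        blank = (sector.count(0x00) == len(sector)
                 or sector.count(0xFF) == len(sector))
        nonblank += not blank
    hits = {name: find_all(image, magic) for name, magic in SIGNATURES.items()}
    return {
        "sectors": -(-len(image) // SECTOR),  # ceiling division
        "nonblank_sectors": nonblank,
        "signature_hits": {k: v for k, v in hits.items() if v},
    }


def build_sample_image() -> bytes:
    """Constructed 64-sector image: metadata in sector 0, two 'files' after it."""
    image = bytearray(64 * SECTOR)
    image[0:20] = b"CONSTRUCTED-FS-TABLE"  # stands in for filesystem metadata
    pdf = b"%PDF-1.4\n(constructed tax return)\n%%EOF"
    jpg = b"\xff\xd8\xff\xe0" + b"constructed photo bytes" + b"\xff\xd9"
    image[10 * SECTOR:10 * SECTOR + len(pdf)] = pdf
    image[30 * SECTOR:30 * SECTOR + len(jpg)] = jpg
    return bytes(image)


def quick_format(image: bytes, metadata_sectors: int = 2) -> bytes:
    """Simplified quick format: rewrite only the metadata area, leave data alone."""
    return bytes(metadata_sectors * SECTOR) + image[metadata_sectors * SECTOR:]


def full_overwrite(image: bytes) -> bytes:
    """Overwrite every addressable sector with zeros."""
    return bytes(len(image))


if __name__ == "__main__":
    used = build_sample_image()
    for label, img in [("in use", used),
                       ("quick format", quick_format(used)),
                       ("full overwrite", full_overwrite(used))]:
        print(f"{label:15s} {residual_data_report(img)}")
```

A clean report only covers the sectors the drive exposes through its logical interface. On an SSD, remapped and over-provisioned flash is invisible to a scan like this, which is one reason physical destruction remains the conservative choice.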

Beetle Bars and Cricket Cookies: The Global Market for Edible Insects

As a technology analyst, I read a lot of market reports. Most are not as crunchy (and unpalatable) as the Global Market Study on Edible Insects, by Persistence Market Research.

Some takeaways from the report’s summary:

In terms of value, the global edible insects market is anticipated to expand at a CAGR of 6.1% during the forecast period and is expected to account for US$ 722.9 million by 2024 end. Orthoptera (cricket, grasshopper, and locusts) segment is projected to register a CAGR of 8.1% over the forecast period, driven by rising demand for cricket granola bars, cricket crackers, cricket cookies, and cricket chocolates. Of the various edible insect type products, the beetle’s segment is estimated to account for approximately 30.8% share of the global market share in 2016, and caterpillars segment is estimated to account for 17.9% share.

Also:

Demand for edible insects in countries in Europe is on the rise, primarily owing to factors such as low risk of disease – as transmission of zoonotic diseases (diseases transmitted from animals to humans) such as H1N1 (bird flu) and BSE (mad cow disease) is low with regard to insects – and higher protein and nutrients and micronutrients such as copper, iron, magnesium, manganese, phosphorus, selenium and zinc, and fatty acids in comparison to meat and fish products. Insects are particularly important as a food supplement for undernourished children owing to easier digestibility.

Yeah, I guess it makes sense…. but still. More info:

On the basis of insect type, the global edible insect market is segmented into beetles, caterpillars, hymenoptera (wasps, bees, and ants), orthoptera (cricket, grasshopper, and locusts), true bugs, and others (termites, dragonflies, flies, and etc.) segments.

The most commonly and commercially consumed product type of edible insect is as a whole. The as a whole segment accounted for 65.3% share of the global market in 2015. Insects are majorly consumed as a whole, which is usually raw. As an ingredient, edible insects are consumed majorly as snacks and baked products. A major trend in the global edible insects market is increasing applications of edible insects in protein bars and shakes, increasing the availability of flavored food products using edible insect proteins, availability of mixed insect pack and usage as a coloring agent in food products.

Why insects?

Insect rearing involves low capital investment as compared to that needed for another conventional livestock rearing such as cattle, swine, and chicken. Substantial increase in global population and decreasing resources are other factors expected to drive demand for alternative food sources. According to United Nations, global population in 2050 is expected to reach 9 billion, significantly outgrowing existing food resources. Insects contain high protein and amino acids and can be a sustainable food source in future.

The report costs $4,900. Zesty!


People or programs: What’s the best for your synagogue?

This essay was originally published on the Reform Judaism blog on July 27, 2016.

What is the most important part of your house of worship? Is it the spiritual well-being of the community or good attendance at adult classes and innovative programming events?

That question is at the core – at the essence – of every progressive synagogue (and every church, mosque, and other house of faith). It’s not reflected in congregations’ mission statements, value statements, or statements of purpose, and frankly, I doubt that many synagogue leaders know the answer as it applies to their own institutions. And, among those who think they do, at least half of them get it wrong.

After many years as a consultant in the synagogue world, I’ve come to believe that most clergy, as well as professional and lay leaders, are incredibly visionary, amazingly hard-working, and shockingly myopic. They believe their congregation is warm and welcoming, even as many newcomers and longtime congregants are frozen out of the “important” cliques. Leaders are convinced that worship services are innovative and uplifting, while the Jews in the pews murmur that services are old and tired. And, although leaders may believe that the biggest reason members leave congregations is because of an outdated dues model, in reality it’s because in their rush to implement innovative programs, clergy have forgotten to minister to their flock.

Let’s look at two examples.

  1. One mid-sized synagogue I consult with is fixated on programs. Programs for teens! Programs for seniors! Lots of classes! Experiential Shabbat! Social justice programs! Scholars-in-residence! Multi-faith initiatives! Everything from yoga to drumming to Mussar. Seemingly every temple communication aims to drive sign-ups for “fun-filled” programs for all ages and every interest.

    The staff and clergy in this community are eternally focused on finding out about new programs, and then bringing them to the synagogue. As a result, they’re involved in lots of conversations in The Tent, discussions at the Scheidt Seminar, and workshops at Biennial. What’s missing, though, is introspection – a look at what works and what doesn’t, including an examination of which members are engaged, and which aren’t, and whether the focus should be on programs at all, instead of on congregants.

    In fact, neither the clergy nor the caring community members are focused on outreach to congregants. Rather, the implicit focus is on the synagogue. Of course, if members are in crisis and call the temple or request pastoral care, they receive sincere love and lots of attention. However, beyond an inner circle of regular participants, the clergy and leaders don’t know most members of the congregation, and making the first move is up to congregants.

  2. Another mid-sized congregation in a different part of the country also hosts programs – classes, scholar-in-residence events, a well-attended summer camp – and experiments with different worship models. Most inspiring, however, is its leaders’ intensive focus on frequent and direct engagement with each and every congregant, which means regular phone calls, invitations for coffee or meals, and deep conversations whenever a lifecycle event occurs. This congregation focuses on individual congregants and wants to be an integral part of their lives. As a result, every congregant has opportunities to spend quality time with the clergy each year, either one-on-one or in small group settings.

    One reason such engagement is possible is because the clergy and staff are active on social media and it’s part of the synagogue’s culture for clergy to reach out immediately to congregants who are in distress or celebrating a simcha (joyous occasion). Making these connections is powerful, as I learned from a long-retired rabbi, who told me that one of the most important and enjoyable parts of his job was calling every congregant on his or her birthday.

In a choice between people and programs, I’ll always vote for people. Of course, it’s important that a synagogue be a beit midrash (house of study), a beit t’filah (house of worship) and a beit k’neset (house of assembly). However, its responsibility as a beit g’milut chasadim (house of loving kindness) should be first and foremost, and the true Torah of our Reform congregations.

Indeed, nothing is more central to the cause of Judaism than synagogues that look beyond programs and consider as their core mission the need to engage and take care of every congregant – in good times, bad times, and every time in-between.

IOC Approves Amateur Radio for Tokyo 2020 Olympic Games

CQ CQ CQ de IOC: The Organising Committee for the Tokyo 2020 Games have approved new competitions to celebrate Amateur Radio.

Tokyo 2020 President Yoshiro Mori said, “The inclusion of Amateur Radio will afford athletes the chance of a lifetime to realise their dreams of competing in the Olympic Games – the world’s greatest sporting stage – and inspire them to achieve their best, both in sport and in life.”

Throughout the history of amateur radio, amateur radio enthusiasts have made significant contributions to science, engineering, industry, and social services. Research by amateur radio operators has founded new industries, built economies, empowered nations, and saved lives in times of emergency.

Amateur radio is a hobby and, by law, completely non-commercial. Individual amateur “ham” radio operators pursue the avocation for personal pleasure through building their own radio stations and communicating with their fellows globally, and for self-improvement via study and practice of electronics, computers, and radio and TV wave behaviour.

Radio amateurs are, thus, “amateurs” in the true sense of the word: pursuit of an activity only for the love of it. Radio amateurs can not broadcast or transmit music and other general public entertainment programming. The amateur radio use of the air waves is for personal satisfaction and for forwarding the “state of the art” of electronics and communication techniques. Amateur radio operations can be detected in designated bands throughout the radio spectrum, using a variety of modulation methods including Morse code, voice and digital modes, and image modes such as television and facsimile.

The Amateur Radio competitions were inspired by the World Radiosport Team Championships (WRTC). WRTC2014, in Massachusetts, U.S.A., included 59 competing teams from 38 countries.

Described as the “ultimate International Field Day” by radio enthusiasts, new for the Tokyo 2020 Games are the following competitions within the Amateur Radio category in response to the new flexibility provided by Olympic Agenda 2020:

  • Men’s 20-, 40-, 80- and 160-Meter Antenna Tuning
  • Women’s 40-, 80- and 160-Meter Antenna Tuning
  • Men’s Synchronized 10-Meter Tower Dive
  • Men’s Freestyle Speed Keying
  • Women’s Freestyle Speed Keying
  • Women’s Uneven (Upper and Lower Sideband) Bars
  • Women’s 10-Meter Dash-and-Dot
  • Men’s 15-Meter Greco-Roman CW Sprint
  • Men’s Synchronized PSK31 (Phase Shift Keying, 31 Baud)
  • Women’s 15-Meter SSTV (Slow Scan Television)
  • Mixed Doubles Earth-Moon-Earth (Moon Bounce)
  • 10GHz-and-Up Team Dressage
  • Men’s 6-Meter J-Pole Vault
  • Women’s All-Around RTTY Roundup
  • Women’s UHF/VHF/HF Triathlon
  • Men’s UHF/VHF/HF Triathlon

IOC spokesman Sam Morse said, “The sky is the limit when it comes to Amateur Radio at the Olympics. Actually, with the Moon Bounce competition, even the heavens no longer hold our talented amateurs back. Tokyo 2020’s balanced proposal fulfils all of the goals of the Olympic Agenda 2020 recommendation that allowed it. These new competitions will add to the legacy of the Tokyo Games.”

Morse continued, “The inclusion of the package of new sports will afford young athletes the chance of a lifetime to realise their dreams of competing in the Olympic Games – the world’s greatest sporting stage – and inspire them to achieve their best, both in sport and in life. We thank the amateurs who shall soon begin qualifying for the Tokyo games by wishing them the IOC’s ’73.’ ”

###

The International Olympic Committee is a not-for-profit independent international organisation made up of volunteers, which is committed to building a better world through sport. It redistributes more than 90 per cent of its income to the wider sporting movement, which means that every day the equivalent of USD 3.25 million goes to help athletes and sports organisations at all levels around the world.


Popular news websites can be malware delivery systems

News websites are an irresistible target for hackers because they are so popular. Why? Because they are trusted brands, and because — by their very nature — they contain many external links and use lots of outside content providers and analytics/tracking services. It doesn’t take much to corrupt one of those websites, or one of the myriad partner sites they rely upon, like ad networks, content feeds or behavioral trackers.

Potentially, malware injected on any well-trafficked news website could infect tremendous numbers of people with ransomware, keyloggers, zombie code, or worse. Alarmist? Perhaps, but with good reason. News websites, which can include both traditional media (like the Chicago Tribune and the BBC) and new-media platforms (such as BuzzFeed or Business Insider), attract a tremendous number of visitors, especially when there is a breaking news story of tremendous interest, like a natural disaster, political event or celebrity shenanigans.

Publishing companies are not technology companies. They are content providers who do their honest best to offer a secure experience, but can’t be responsible for external links. In fact, many say so right in their terms of use statements or privacy policies. What they can be responsible for are the third-party networks that provide content or services to their platforms, but in reality, the search for profits and/or a competitive advantage outweighs any other considerations. And of course, their platforms can be hacked as well.

According to a story from the BBC, news sites in Russia, including the Moscow Echo Radio Station, opposition newspaper New Times, and the Kommersant business newspaper, were hacked back in March 2012. In November 2014, the Syrian Electronic Army claimed to have hacked news sites, including Canada’s CBC News.

Also in November 2014, one of the U.K.’s most popular sites, The Telegraph, tweeted, “A part of our website run by a third-party was compromised earlier today. We’ve removed the component. No Telegraph user data was affected.”

A year earlier, in January 2013, the New York Times self-reported, “Hackers in China Attacked The Times for Last 4 Months.” The story said that, “The attackers first installed malware — malicious software — that enabled them to gain entry to any computer on The Times’s network. The malware was identified by computer security experts as a specific strain associated with computer attacks originating in China.”

Regional news outlets can also be targets. On September 18, 2015, reported CBS Local in San Francisco, “Hackers took control of the five news websites of Palo Alto-based Embarcadero Media Group on Thursday night, according to the CBS. The websites of Palo Alto Weekly, The Almanac, Mountain View Voice and Pleasanton Weekly were all reportedly attacked at about 10:30 p.m. Thursday.”

I talked recently with Jason Steer of Menlo Security, a security company based in Menlo Park, Calif. He put it very clearly:

You are taking active code from a source you didn’t request, and you are running it inside your PC and your network, without any inspection whatsoever. Because of the high volumes of users, it only takes a small number of successes to make the hacking worthwhile. Antivirus can’t really help here, either consumer or enterprise. Antivirus may not detect ransomware being installed from a site you visit, or malicious activity from a bad advertisement or bad JavaScript.

Jason pointed me to his blog post from November 12, 2015, “Top 50 UK Website Security Report.” His post says, in part,

Across the top 50 sites, a number of important findings were made:

• On average, when visiting a top 50 U.K. website, your browser will execute 19 scripts

• The top UK website executed 125 unique scripts when requested

His blog continued with a particularly scary observation:

15 of the top 50 sites (i.e. 30 percent) were running vulnerable versions of web-server code at time of testing. Microsoft IIS version 7.5 was the most prominent vulnerable version reported with known software vulnerabilities going back more than five years.

How many scripts are running on your browser from how many external servers? According to Jason’s research, if you visit the BBC website, your browser might be running 92 scripts pushed to it from 11 different servers. The Daily Mail? 127 scripts from 35 servers. The Financial Times? 199 scripts from 31 servers. The New Yorker? 113 scripts from 33 sites. The Economist? 185 scripts from 46 sites. The New York Times? 76 scripts from 29 servers. And Forbes, 100 scripts from 49 servers.

Most of those servers and scripts are benign. But if they’re not, they’re not. The headline on Ars Technica on March 15, 2016, says it all: “Big-name sites hit by rash of malicious ads spreading crypto ransomware.” The story begins,

Mainstream websites, including those published by The New York Times, the BBC, MSN, and AOL, are falling victim to a new rash of malicious ads that attempt to surreptitiously install crypto ransomware and other malware on the computers of unsuspecting visitors, security firms warned.

The tainted ads may have exposed tens of thousands of people over the past 24 hours alone, according to a blog post published Monday by Trend Micro. The new campaign started last week when “Angler,” a toolkit that sells exploits for Adobe Flash, Microsoft Silverlight, and other widely used Internet software, started pushing laced banner ads through a compromised ad network.

According to a separate blog post from Trustwave’s SpiderLabs group, one JSON-based file being served in the ads has more than 12,000 lines of heavily obfuscated code. When researchers deciphered the code, they discovered it enumerated a long list of security products and tools it avoided in an attempt to remain undetected.

Let me share my favorite news website hack story, because of its sheer audacity. According to Jason’s blog, ad delivery systems can be turned into malware delivery systems, and nobody might ever know:

If we take one such example in March 2016, one attacker waited patiently for the domain ‘brentsmedia[.]com’ to expire, registered in Utah, USA, a known ad network content provider. The domain in question had expired ownership for 66 days, was then taken over by an attacker in Russia (Pavel G Astahov) and 1 day later was serving up malicious ads to visitors of sites including the BBC, AOL & New York Times. No-one told any of these popular websites until the malicious ads had already appeared.

Jason recently published an article on this subject in SC Magazine, “Brexit leads to pageviews — pageviews lead to malware.” Check it out. And be aware that when you visit a trusted news website, you have no idea what code is being executed on your computer, what that code does, and who wrote that code.
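A site owner can at least inventory what a page's own HTML pulls in. The following is an added example, not code from Jason's research or from this blog: it tallies `<script>` tags per host for one page and lists third-party scripts that carry no Subresource Integrity (`integrity`) attribute. The sample page and all host names are constructed placeholders.

```python
from collections import Counter
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Constructed sample page; every host name below is a placeholder.
SAMPLE_PAGE_URL = "https://news.example/story"
SAMPLE_HTML = """<html><head>
<script src="/static/app.js"></script>
<script src="https://cdn.example.net/lib.js" integrity="sha384-PLACEHOLDER"></script>
<script src="//ads.example.org/banner.js"></script>
<script src="https://ads.example.org/track.js"></script>
<script>var inline = 1;</script>
</head><body></body></html>"""


class ScriptInventory(HTMLParser):
    """Collect every <script> tag and the host it is loaded from."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.page_host = urlparse(page_url).hostname
        self.inline = 0          # scripts embedded in the page itself
        self.hosts = Counter()   # host -> number of scripts loaded from it
        self.no_sri = []         # third-party script URLs lacking integrity=

    def handle_starttag(self, tag, attrs):
        if tag != "script":
            return
        attrs = dict(attrs)
        src = attrs.get("src")
        if not src:
            self.inline += 1
            return
        url = urljoin(self.page_url, src)  # resolves relative and // URLs
        host = urlparse(url).hostname
        self.hosts[host] += 1
        # Exact host match: subdomains of the site count as external here.
        if host != self.page_host and not attrs.get("integrity"):
            self.no_sri.append(url)


def audit(html, page_url):
    """Return script totals, external hosts, and third-party scripts without SRI."""
    inv = ScriptInventory(page_url)
    inv.feed(html)
    external = {h: n for h, n in inv.hosts.items() if h != inv.page_host}
    return {"total_scripts": sum(inv.hosts.values()) + inv.inline,
            "external_hosts": external,
            "third_party_without_sri": inv.no_sri}
```

A static count like this is a lower bound: scripts that load further scripts at run time, as ad networks do, only show up when the page is actually rendered.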


A free BMW 7-Series car – and a check for $1.5 million!

Look what I fished out of my spam folder this morning. This is a variation on the usual lottery scam, and more enjoyable than most. But really, a BMW 760Li? While the 6.6-litre twin-turbo Rolls Royce engine would be zippy on Phoenix-area highways, we certainly don’t need the cold-weather package here. Anyway, the M4 two-door coupé is more my style.

To be serious: When you get spam like this, simply delete the message. Don’t reply, don’t click any links, including unsubscribe links.

From: “Mrs Rachael Adams”
Subject: BMW LOTTERY DEPARTMENT

Date: July 21, 2016 at 1:51:03 PM MST
BMW LOTTERY DEPARTMENT
5070 WILSHIRE BLVD
LOS ANGELES. CA 90036
UNITED STATES OF AMERICA.

NOTE: If you received this message in your SPAM/JUNK folder, that is because of the restrictions implemented by your Internet Service Provider, we (BMW) urge you to treat it genuinely.

Dear Winner,

This is to inform you that you have been selected for a prize of a brand new 2015/2016 Model BMW 7 Series Car and a Cheque of $1,500,000.00 USD from the international balloting programs held on the 2nd section in the UNITED STATE OF AMERICA.

Description of prize vehicle; Model: 760Li Color (exterior): Metallic Silver Mileage: 5 Transmission: Automatic 6 Speed

Options: Cold weather package, premium package, fold down rear seats w/ski bag, am fm stereo with single in dash compact disc player.

The selection process was carried out through random selection in our computerized email selection system (ESS) from a database of over 250,000 email addresses drawn from all the continents of the world which you were selected.

The BMW Lottery is approved by the British Gaming Board and also licensed by the International Association of Gaming Regulators (IAGR).

To begin the processing of your prize you are to contact our fiduciary claims department for more information as regards procedures to claim your prize.

Fiduciary Agent: Mr.David Johnson
Contact Email:[redacted]

Contact him by providing him with your secret pin code Number BMW:255175HGDY03/23.As the subject of your email for swift response

You are also advised to provide him with the under listed information as soon as possible:

1. Name In Full :
2. Residential Address :
3. Nationality :
4. Age :
5. Sex
6. Occupation :
7. Direct Phone :
8. Present Country :
9. Email address :
10. pin code Number BMW:255175HGDY03/23

Note that you have to send email to Mr.David johnson .You are to provide him with the above listed details as soon as possible so he can begin with the processing of your prize winnings.

Mrs.Rachael Adams.
———————
THE DIRECTOR PROMOTIONS
BMW LOTTERY DEPARTMENT
UNITED STATES OF AMERICA


Quick-draw: Six-shooter or smartphone?


The modern gunslinger carries an iPhone on his belt, across from the six-shooter. If the phone rings, hope he doesn’t grab the wrong device.

Prescott, Arizona, July 24, 2016.


Ramsey Canyon and Fort Huachuca – A bird photographer’s paradise

We spent a long weekend in southern Arizona viewing wildlife, with time spent at birders’ paradises in Ramsey Canyon, as well as two canyons in Fort Huachuca: Huachuca Canyon and Garden Canyon. Wow. We saw and photographed so many incredible birds and butterflies, including (my favorite shot) the Blue Grosbeak.

The rarest sighting was that of the Elegant Trogon. Birders will make a special trip to this area simply to see that bird. There are only about 50 breeding pair in the United States. We were lucky and got excellent photos.

During our time there, we stayed at the Ramsey Canyon Inn. Incredible gourmet breakfasts by Chef Vince. Recommended!

We saw and photographed Painted Redstarts, Arizona Woodpecker, Hepatic Tanager (called that because it’s the color of liver!), Buff-Breasted Flycatcher, Sulphur-Bellied Flycatcher, Greater Pewee, Cassin’s Kingbird, Verdin, Magnificent Hummingbird, Broad-Billed Hummingbird, Black-Chinned Hummingbird, Red-Shouldered Hawk, Black-Headed Grosbeak, and many, many others.

There were also quite a few species of butterfly everywhere. I only remember a few by name, the Arizona Sister and the Double-Tailed Swallowtail (the Arizona state butterfly), and impressive swarms of Bordered Patch. Plus various dragonflies, jackrabbits and Coues White-Tailed Deer.

What a beautiful part of the world. We’ll be back.