The week where I nearly fell victim to scammers

Last week I was under attack, and it was completely my own doing. I nearly fell victim to two separate and independent scams. And while I pride myself on recognizing and avoiding these things (perhaps too much, given these situations), it just shows you how anyone can be manipulated.

Let’s talk about the one involving a major sale of Taschen art books. You have seen these coffee table beauties: they typically are quite expensive and cover a wide range of art (including movies and art posters). There was an ad running through my Facebook feed (a sample shown below) that promised all sorts of things, such as “to make room for new editions and updated print runs, we’re clearing a limited selection of archive titles from our warehouse.” Clicking on the ad’s “Shop Now” buttons brought you to an attractively designed page that showed book covers and sale prices that were around $5 a book. There were several warning signs that I ignored, because I was so excited about getting some bargain books: First, paltry descriptions. Second, the domain was a .shop one that didn’t seem to have any relationship with any Taschen brand itself. And the FAQ page looked like it had been written with AI, certainly not on the level of quality that I knew this publishing house was known for.

Now, you can find these books in many used book stores, and they go for at least $25 apiece. But I was blinded by the bargains and so I proceeded to order three books. With shipping, it came to about $30 total. Enter my credit card, and wait — the card was rejected. The name of the vendor was khdfaienceflume. The company was based in Hong Kong, and the purchase was originally in HK$. Okay, something phishy here. I went back and looked up the domain, where I found it was registered a week ago. (Big red flag.) Taschen is based in Germany, btw. So I was saved by my credit card company’s fraud screen. I should have seen these warning signs, and should have followed the cardinal rule: if someone is selling something so cheap that is too good to be true, it probably is.

My second scam was a lot more involved, and it took me a week to figure it out. I got an email from Deven saying that “he was on Spotify and came across my 2023 podcast interview.” He claimed to be able to help place me with interviews on other “big-name podcasts,” and mentioned the names of some of his clients that he has helped in the past. None of the names meant anything to me, but I figured what the heck and booked some time with him the following week. All seemed on the up and up until I started getting more than a dozen messages and texts suggesting that I watch some of his promotional hints and tips to making more money doing podcasts, leading up to the day of our eventual virtual meeting. I was starting to get annoyed, but I was eager to hear more about his “sure fire methods.”

Again, I was blinded by the “make money fast” message and missed a few of the cues: some slight misspellings in his messages, the lack of any actual pricing for his services (other than hints that he was expensive), and a failure to check out any of the “big name” clients. I actually connected to the pre-arranged meeting but Deven was a no-show. Then I started investigating: After checking into his clients’ websites, they all shared a common thread: they make a lot of money, they don’t show pricing, and they also don’t have contact info. It all was an elaborate hoax. (You can see a partial screenshot of one of these clients here.) All of the clients had very attractive websites that reflected a lot of time to create their own testimonials and detailed strategies on how they can help you “earn seven figures.” Yeah, right.

I am not sure how Deven was going to get my money, but once again, a major fail.

So: take a moment before you get sucked into the phishing vortex. And let my experiences in Scamville be a potent lesson to you. In the meantime, I guess I am back to browsing the used book stores in person too.

Book review: How to get away with murder

Meet Denver Brady, avowed serial killer and author of a book with the same title as this novel. His work forms the book-within-a-book, more of a step-by-step instruction on how to off someone and escape to do it again and again. The book is found in the novel’s primary murder victim’s hands at the start of the novel, which begins the manhunt by inspector Samantha Hansen, who is coming off compassionate leave and back on the force. Sam, as she likes to be called, is beset with loads of problems, both emotional and physical, and has trouble concentrating on clues that should be obvious to her (maybe not for all readers however) as she tries to solve the novel’s murder. She reads along the how-to book and tries to align the clues in the book with the ones she uncovers during the course of her investigation. The novel mostly takes place in and around London, and has loads of plot twists and turns, right up to its very end. I won’t give away any of these because they are deliciously put together. Many murder mysteries run out of gas towards the end but this book — or should I say the combined books — holds your attention until nearly the last page. I highly recommend this novel by Rebecca Philipson.

At least Clippy was cute

I was not a fan of Microsoft’s Clippy. But I was waxing somewhat nostalgic about the little paper clip while reading all the negative reviews of Microsoft’s latest foray into helpful assistants, its AI-based Copilot. David Linthicum wrote today on LinkedIn about the enterprise backlash, saying, “The company’s decision to introduce new licensing models, charge premium prices for AI features, and encourage hardware upgrades created deep skepticism.” He cited its intrusive design, general unhelpfulness and AI hallucinations, and evidence of just a small percentage of adoption by Office users as major obstacles, and says it is a cautionary tale: Microsoft needs to listen more and impose less on its users.

Some wags (including Marc Benioff) have called Copilot Clippy 2.0. I don’t think that is a fair fight. We should at least bump up the version to 10.0. In many respects, Clippy was ahead of its time (read this historical look back to see why this author called it cutting-edge AI for 1996.)

I haven’t spent much time with Copilot, because I would rather do my internet lookups when I need them, not be distracted by some automated nag. True, Copilot can generate a lot of text with just a simple request. But a lot of AI slop, as it is called. Does it do a better job than Clippy in understanding context? Yes, but it still interrupts the creative flow, or at least my creative flow.

Over the many decades that I have become a not-so-famous writer I have learned how to do my searches for the data and links in my stories. Now I type in complete sentences, rather than find three unique words that will drive better results. (That reminds me of What3words.com, which is a fascinating site, but I digress. See how annoying interrupting things can be? Sorry.)

So at least Clippy was cute. It had its detractors too, but also fans such as this short video that showed its future that is surprisingly fresh for something done a decade ago.

And for those of you who want to reanimate Clippy, here is some code that will bring it back to your desktop.

I will leave you with some words of wisdom from a colleague, Theresa Szczurek, who talks about finding joy and fear in AI in her latest newsletter: “You choose when to use AI. You decide where it adds value. You define ethical boundaries. You determine how it supports — not supplants — your strengths. AI is one tool among many. You are still the strategist. The leader. The creator.”

The Hacker News: My Day Getting My Hands Dirty with an NDR System

As someone relatively inexperienced with network threat hunting, I wanted to get some hands-on experience using a network detection and response (NDR) system. My goal was to understand how NDR is used in hunting and incident response, and how it fits into the daily workflow of a Security Operations Center (SOC). Corelight asked me to write a sponsored piece for The Hacker News about my experience using their Investigator threat hunting software (screenshot below).

While I’m new to threat hunting, I do have experience looking at network traffic flows. I was even an early user of one of the first network traffic analyzers from Network General called Sniffer. Sniffers were specialized PCs equipped with network adapters designed to capture traffic and packets. These computers were the foundation on which more advanced network monitoring platforms were built. That Wikipedia link shows you how far we have come with designing useful control interfaces.

My day getting down and dirty with Corelight’s Investigator taught me valuable lessons on how to create threat hypotheses, understand how threats move about a network, and, more importantly, gave me an opportunity to learn more about how networks operate and how they can be defended in the modern era.

The future generation of news looks very different from today

A new research report from a combined effort of Financial Times Strategies and the Knight Journalism Lab at Northwestern University is now out. Entitled “Next Gen News” it describes a very different future for the way news is gathered, packaged, and consumed. And if I haven’t grabbed you in the seconds it took to read my lede, then too bad and so sad for me.

The report is the second such effort from this collaboration and uses online surveys of 1,000 subjects in each of five countries: Brazil, India, Nigeria, the UK and the US. They also took more in-depth interviews of 84 random subjects aged 18-28, and 19 news producers across the world drawn from both solo creators and larger news sites. The 80-page report is well worth your time, and shows what is happening in the world of news. Some of it is obvious, but a lot of it isn’t, and the insights will surprise you.

If you have never heard of Lisa Remillard, The Pudding, Morning Brew or Climate Adam, then you need to pay a lot more attention to this report and the market that they represent. News sites are embracing novel ways to attract, orient and engage readers. Sites are tailoring their content to produce a mix of sources, notifications, story types and ways to adjust their algorithms to provide the best engagement. That much you probably know, but there are many tips and tricks on how to get from the old news world to the modern era.

To that end, they identify seven different modes of engagement, as shown in the diagram below.

For example, the sifters can scroll through a list of news items. They have about two seconds for video and maybe 15 or so seconds for reviewing the text to select the stories or topics that break through. Seekers use overall websites to guide their discovery process. Each of the seven modes is explored in detail, with numerous examples from sample websites from the five countries.

One of the interesting things is how different the news environment is across the world. Nigeria, for example, is the most digitally engaged country. The study’s authors explain why they picked the places they did, and document at length who they did additional interviews with.

The challenge for modern news producers is that there is a broader definition of what news is for modern readers. It can contain civic info, but it also has a personal impact on the reader and is both entertaining and non-fiction. The researchers found that the best producers have turned the trad journalism model on its head: they start from being distributors, master the language and style of their platforms and design their content so it can travel across their own news ecosystem. Being distribution first means that engagement isn’t just a by-product of solid journalism but built-in up front. Publishing is the start of a conversation between the site creators and readers, not the endpoint of what was once the legacy process. The old news style began with an idea and then worked through research and writing the story and ended with distribution. The modern workflow starts with distribution and then tests several ideas before moving into editing and publication, all in the service of community engagement.

No longer are news producers trying to shoehorn content into a distribution platform (like TikTok or YouTube), with results measured in page views or likes. Instead, the content is designed to be native to a platform in terms of style, focus, and news content. And forget about the inverted pyramid scheme for writing stories: there are numerous examples of what next-gen news uses, such as building recurring inside jokes to make complex topics more approachable.

This means that the modern newsroom is filled with what the researchers call “full stack creators.” This doesn’t mean that they know everything from HTML to Cursor, but that they have a mix of skills including on-camera presence, visual storytelling, script writing, being able to package the product with descriptions and thumbnails, and understanding the basic analytics that will be used in their stories. That is a tall order. But wait, there is more: the modern newsroom needs to be a working, cross-functional pod that can cover multiple platforms too.

Back when Twitter was still a trusted breaking news source, we had to learn the ins and outs of socializing our content. And to some extent, this is still the case, just now the socializers are just one of the seven modes mentioned earlier. But now the producer has to start with the assumption that they have to build content that people actually want to share with their peers, and understand how different platforms distribute their shared content. To be effective, this content has to resonate emotionally, be simple to grasp, and easy to report. Seems obvious, right?

Not mentioned in the report is that content creators have to navigate the dangerous waters of AI and understand that traditional SEO and being an “influencer” are both dead concepts. Cybersecurity expert Daniel Miessler recently posted that “The main viable path for knowledge worker professionals is to start seeing themselves as free agents. And to start behaving that way in terms of how they present to the world. It’s about to be essential that you’re visible, that you have a portfolio of work you can show/talk about, that you have a domain. A website.” Everyone will be an influencer, and it’s our job as scribes to find, target, and feed our particular audiences.

Book Review: The Bolden Cylinder by Norman Woolworth

An old wax cylinder was discovered in a New Orleans attic containing a recording of a century-old jazz pioneer. The cylinder ends up missing at the same time as an arsonist burns down the home where it was last seen. The mystery widens to some unsavory characters and some interesting plot twists that weave various real locations around town, so those readers familiar with the city might enjoy the travel scenes. The double murder/arson investigation — a dead body is discovered in the burnt-out home that has been there for decades — proceeds in fits and starts, and with just the right mix of action, dialogue and suspense. I thought some of the plot points could have been described more sharply, but would recommend this mystery nonetheless. Buy the book on Amazon here.

FIR B2B #159: A tale of two newspapers

Paul Gillin and I are back with this episode after the recent events of the massive layoffs at the Washington Post and the LA Times, the shuttering of the Pittsburgh Post Gazette and funding cuts at NPR. We describe the continuing train wreck of daily news there and contrast the Post’s approach with what has been going on at the New York Times digital property. The Times diversified its revenue stream beyond its core newsgathering with purchasing gaming, cooking, and sports-related content. Post’s owner Jeff Bezos didn’t diversify or even keep the news core. Part of the digital newspaper problem is that its ad revenue model is gone, as search traffic has dried up thanks to AI chatbots. Compounding this is that overall monthly visits to the Post’s website are down from 60M (in 2022) to 40M visits last year, and subscriptions are dropping too. We contrast the Post and the Times business models.

On our latest 17 min. podcast, we talk about some signs of success with subscriptions for smaller, more targeted sites, such as 404Media, which shows that a small group of independent journalists can keep quality high and report on significant stories. Also, individual creators (such as Mr. Beast and Mark Rober) can build a brand and attract significant audiences (Rober has more than 70M subscribers, for example) on YouTube and TikTok.

If you want to also listen to Marty Baron, former editorial director of the Post, here he is talking to Tim Miller about his thoughts on the decline of his former employer.

Book review: The Jills by Karen Parkman

The title characters of The Jills are members of the cheer squad supporting the Buffalo Bills football team, and what happens when trouble envelops several of them. It is loosely based on the reality and challenges faced by these women — low pay, ridiculous work requirements that dictate every moment of their lives: how they look, what they eat, and so forth. One of the Jills is missing, and foul play is suspected. Two sisters are at the heart of the plot: one a Jill, and one who is in and out of various addiction 12-step programs. Lurking on the sidelines is a member of a Buffalo crime family who is dating the missing Jill. The novel’s verisimilitude is spot-on, and the scrapes that the two sisters get into drive the plot forward and provide for a fast-paced read. Highly recommended.

Book review: Spies, Lies and Cybercrime by Eric O’Neill

Eric O’Neill has had an interesting career hunting down some of the worst spies and cybercriminals (he was one of the principals behind the takedown of Robert Hanssen). His book is a part travelogue, part instruction and best-practices manual, and part a detailed narrative of how cyber attackers ply their trade. If you haven’t heard of a few of the exploits (Colonial Pipeline, SolarWinds, WannaCry, and many others), this book is useful in describing the back story of these and others that have receded from the headlines. He draws on his own experiences at fighting these attackers from real life IT workers that are trying to keep their networks secure and protected, and “another grim reminder that once your data is out there, it’s out there for good—and the dark web has no return policy,” as he writes. The dark web – where criminals operate – has a gross cybercrime haul greater than Germany and Japan’s GDP combined.

We have already reached the place where we can’t trust everyday sites such as texts, FaceTime, Teams and other social sharing platforms. “Trust has become an uncommon commodity.”

O’Neill has spent years as a national security lawyer, corporate investigator and part of the threat response teams for cybersecurity vendors, so he knows the landscape very well. He wrote this book for a laudable purpose: “If enough of us become covert agents and learn to safeguard our personal data, we can also make the world safe from cyberattacks. This is how we start. One data point at a time.” His philosophy is that we must do better and start thinking like our adversaries if we are to repel their digital advances. “There are no hackers, there are only spies.” His years in law enforcement “left me with a simple axiom: Criminals are lazy. If they weren’t, they’d get day jobs.” So true. And being patient in understanding how your business has been compromised will pay off in finding where the breach took place and how to shore up your defenses.

The end of the book is worthy of clipping as a ready reference, what he calls the Spy Hunter Tool Kit. It is a list of dozens of valuable suggestions, such as never respond to a phishing text (such as the one I got while I was writing this review, asking me to change my PayPal password). (I no longer have a PayPal account, having gotten tired of all the scams and come-ons such as this one.)

His book was written while AI blossomed (I guess that is one way to describe it) and audio and video deepfakes became more common. One way to suss out if they are fake is to move your hands wildly at the beginning of a video conference call, although eventually AI will figure out a solution to this too.

If you are an experienced cybersecurity professional and want a book to give your friends, family, and co-workers, this is a good place to start with their education. If you are new to the cybercriminal world, this book will show you its depths and darkest corners, and hopefully motivate you to use better and unique passwords and other protective techniques.

This is a great introduction to cybercriminals and how to protect yourself from being their next victim.

Book review: Good Intentions by Marisa Walz

This book takes on several tough subjects as part of its winding plot involving two terrible accidents on Valentine’s Day: one twin sister and one child are killed in two separate auto accidents. The surviving twin and the boy’s mother are brought together in grief, as their worlds fall apart. The twin runs her own event management business, and her husband has his own business too. The psychodrama of these three adults is woven expertly by the author as we watch their conflicts over loss and adjusting to various circumstances that I don’t want to reveal to spoil the plot. As someone who has lost an adult child, their grief journeys aren’t sugar-coated and seem very realistic and raw. And the strong ending is somewhat surprising but brings the novel to an appropriate close. Highly recommended.