Friday, January 18, 2013

Look before you click - or Phish Spotting

As a public service, I thought I'd provide a little forensic analysis of an incident I experienced yesterday.  The punchline is:  when in doubt about the legitimacy of a web site, try a whois search.

Annapurna was very excited yesterday evening at receiving an email that purported to be from the school of her choice, encouraging her to request admission info from them.

Now, let me say from the start, that I think that said school would be very wise to encourage her to apply,  and I think it not unlikely that it will in time be brought to its senses and will ultimately send her a supplication to grace it with an application and a $50 application fee.

But that may not be what she got yesterday.

No.  This was a college admissions phishing email.  It said,

Based on your achievements thus far, I invite you now to request our viewbook [with a link to...well...you'll hear more about that later],  Within its pages you will discover the countless ways our dynamic campus in [city of School of Choice] can educate, invigorate and inspire you.
Sincerely,
[Real name of Dean]  
Dean of Undergraduate Admissions and Financial Aid 
P.S. We also offer one of the most generous need-based financial aid programs in the country. We received your contact information from the Student Search Service of the College Board. 
Flattering, no?  Who could resist clicking on that magic link?  And if you did, you'd see a page that looked like something the School-of-Choice might put together, complete with school colors, logos, links to legitimate pages at School-of-Choice, etc.

Here's how I got in this story.

I had heard Annapurna going on for a while about the invitation, but I didn't pay much attention.  She's gotten enough legitimate solicitations for applications that in my books this one was no biggie.  It was when she started pestering me about "Should I put your email or Dad's?" that I started to tune in.  I was like, "What?  What do they want MY email for???"  My spam detector was buzzing.
  • Dawn's Helpful Hint (DHH) #1:  when a site already has YOUR email and has already taken the liberty of establishing a relationship with you, it probably doesn't have any legitimate reason to be asking for anyone else's email address or contact info UNLESS you are in some very, very official process (like an actual college application or providing death benefits information).  Whenever you get a request for someone else's info, your scam detector should go off.  Before you supply the information ALWAYS think very carefully...does this site REALLY need this?  Really?  Why??? And would that person get upset if I gave out their information?
Further investigation showed that the link went to something that looked like it might be related to School-of-Choice, but wasn't quite right.  Let's pretend that the URL for School-of-Choice is http://www.soc.edu.  This thing went to http://www.soc-admin.org.
  • DHH #2:  universities almost always use a .edu domain.  If you see something that purports to be from a university but doesn't end in .edu...be suspicious.
  • DHH #3:  when in doubt about whether a web page is associated with a large organization like a university or a bank, try to get there from the home page of the organization.  In this case, we went to http://www.soc.edu, and of course the normal admissions pages we got to from there had nothing to do with http://www.soc-admin.org.
And here's the piece de resistance:
  • DHH #4: You can always get some pretty interesting information about who really owns the site by performing a WHOIS search.  Network Solutions provides a reasonable one. For example, if you do a whois search on mtsd.us, you will find:
    Registrant Name:                             Thomas DeSisto
    Registrant Organization:                     Montgomery Township Board of Education
    Registrant Address1:                         1014 RT. 601
    Registrant City:                             Skillman
    Registrant State/Province:                   NJ
    Registrant Postal Code:                      08558
    Registrant Country:                          United States
    Registrant Country Code:                     US
    Registrant Phone Number:                     +1.6094667182
Looks pretty legit for Montgomery, no?  But when we did that whois search on that soc-admin.org, we found it was registered by one Royall and Company in Virginia. Nowhere near School-of-Choice.  Not surprisingly, when we combed through Annapurna's email for the assorted solicitations she has received over the past few months, many, many of them contained links to websites registered by that very same Royall and Company.  
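DHH #2 through #4 can be rolled into one check, shown here as an added example that is not part of the original post. The function names are hypothetical, soc.edu and soc-admin.org are the post's pretend domains, and the soc-admin.org WHOIS text is a constructed sample built from what the post says about its registrant.

```python
from urllib.parse import urlsplit

# Trimmed from the mtsd.us record quoted in the post.
MTSD_WHOIS = """\
Registrant Organization:      Montgomery Township Board of Education
Registrant City:              Skillman
Registrant State/Province:    NJ
"""
# Constructed sample: field layout assumed; registrant as described in the post.
SOC_ADMIN_WHOIS = """\
Registrant Organization:      Royall and Company
Registrant State/Province:    VA
"""

def host_of(url):
    """Lower-cased hostname of a URL, without port or trailing dot."""
    return (urlsplit(url).hostname or "").rstrip(".").lower()

def belongs_to(host, official_domain):
    """DHH #3: host must be the official domain itself or a subdomain of it."""
    official = official_domain.lower()
    return host == official or host.endswith("." + official)

def parse_whois(text):
    """Turn 'Key:   value' lines of a WHOIS reply into a dict (first value wins)."""
    record = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep and value.strip():
            record.setdefault(key.strip(), value.strip())
    return record

def triage(link, official_domain, whois_text, expected_org_words):
    """Return the reasons to distrust a link; an empty list means no red flags."""
    flags = []
    host = host_of(link)
    if not belongs_to(host, official_domain):
        flags.append(f"{host} is not under {official_domain}")           # DHH #3
    if official_domain.endswith(".edu") and not host.endswith(".edu"):
        flags.append("claims to be a university but link is not .edu")   # DHH #2
    org = parse_whois(whois_text).get("Registrant Organization", "")
    if not any(w.lower() in org.lower() for w in expected_org_words):
        flags.append(f"WHOIS registrant is {org or 'unknown'!r}")        # DHH #4
    return flags

if __name__ == "__main__":
    print(triage("http://www.soc-admin.org/", "soc.edu", SOC_ADMIN_WHOIS, ["School-of-Choice"]))
    print(triage("http://www.mtsd.us/", "mtsd.us", MTSD_WHOIS, ["Montgomery"]))
```

The suffix test in belongs_to requires a leading dot, so look-alike hosts such as notsoc.edu or www.soc.edu.example.org do not pass as part of soc.edu.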

So why does Royall and Company want to pretend to be assorted gourmet universities?  I don't know.  I'm not Royall and Company.  Their web site indicates that they do direct marketing for student recruitment.  So maybe I'm being too cynical and these universities really have hired Royall to reach out to students who fit some profile or other.  Or maybe they want to sell mom and dad's email address to banks looking to make student loans.  Or both.  I can't tell.  

Saturday, January 12, 2013

US Statistics

There are some really interesting statistics at Ranking America.  This site provides a number of graphics illustrating how the US compares with a number of other countries on assorted categories.  The US does rather poorly on many indices of health and wellbeing, compared to other developed countries.

Some of the more telling US rankings:

  • 33rd out of 34 selected countries (Europe + Japan + US) in acceptance of evolution
  • 2nd out of 35 selected countries in child poverty behind only Romania
  • 12th out of 12 countries in introduction of sex education 
  • Abominable in arts funding:  $0.44 per capita, as compared with, say, middle-of-the-pack Northern Ireland, which spent $13.62 in 2005
  • And one I am certain you have often wondered about:  2nd in imports of asses, with 28.1% of the world's total ass imports (second only to Yemen).
I really like two things about this site:
1)  It provides simple graphics (generally bar charts) to show relative rankings
2)  It provides sources for the statistics it is using.

Some of the graphics are a tiny bit confusing or misleading, where they show the US relationship to the top 10 (even though the US isn't actually in the top 10, and they don't tell you what position the US actually has.)

Tuesday, January 8, 2013

Total Information Awareness...Take 2

Oy...

Check out this Wall Street Journal (of all sources!) article on how Total Information Awareness is being resuscitated:

The rules now allow the little-known National Counterterrorism Center to examine the government files of U.S. citizens for possible criminal behavior, even if there is no reason to suspect them.
And
The agency's best-known product is a database called TIDE, which stands for the Terrorist Identities Datamart Environment. TIDE contains more than 500,000 identities suspected of terror links. Some names are known or suspected terrorists; others are terrorists' friends and families; still more are people with some loose affiliation to a terrorist.  
Yeah, that means you, you threat-to-national-security peace activists.

Facebook and Pinterest posts not included.  

Yet.

Wednesday, January 2, 2013

2012 books

As I did, for 2011, I'm posting a list of books read/listened to in 2012.  Reasonably good year.  Couple of groaners that I felt obligated to finish, in spite of my better judgment.
* = Recommended
X = Stay away! - No absolute musts, this year, so I've indicated groaners with an "Oy"
  • Mike and Psmith: P. G. Wodehouse (I'm tempted to put this as a *, but it's such fluff :-))
  • An Occurrence at Owl Creek Bridge: Ambrose Bierce
  • Death of Ivan Ilych: Leo Tolstoy
  • * The Greatest Show on Earth (audiobook, narrated by the man, himself): Richard Dawkins (I'm putting this as a * -- it's pretty accessible, but at times it gets a little technical -- stick with it, though.) I think I still prefer Sapolsky for writing style, and coverage of a lot of the same kinds of concepts.
  • Persuasion: Jane Austen (what would a reading year be without an Austen?)
  • The Life of Pi (audiobook): Yann Martel - didn't get it - can someone please explain it to me?
  • Mansfield Park: Jane Austen (Mostly because I saw the 1999 movie and was like...really??? She didn't write that...did she?)
  • * Last Man in Tower (audiobook): Aravind Adiga
  • * Plugged (audiobook): Eoin Colfer - may not be for everyone...a bit heavy on the violence, but darkly charming
  • Nation (audiobook): Terry Pratchett
  • The Thousand Autumns of Jacob de Zoet (audiobook): David Mitchell
  • The Complete Stories of Dorothy Parker (audiobook):  Dorothy Parker
  • Wives and Daughters:  Elizabeth Gaskell (This was a re-read, mostly because I discovered the lovely BBC miniseries based on it, by Andrew Davies, the same screenwriter as did my very favorite Pride and Prejudice production - it's almost as good, though nothing can ever compare, really.)
  • Between the Assassinations (audiobook): Aravind Adiga
  • Next (audiobook):  Michael Crichton - Oy...
  • Fairest (audiobook):  Gail Carson Levine - think I liked Ella Enchanted better, but this was good, too.
  • Mrs. Dalloway (audiobook): Virginia Woolf - very strange, though I enjoyed it - never really saw a woman writing stream of consciousness like that
  • Return of the Native (audiobook):  Thomas Hardy
  • Daniel Deronda:  Mary Ann Evans (aka George Eliot) - kind of Oy
  • Pillars of the Earth (audiobook):  Ken Follett - Oy...but now I'm really, really comfortable with the difference between a transept and a chancel and a nave.  Also clerestory.
  • Psmith in the City:  P. G. Wodehouse
  • Hard Times (audiobook):  Charles Dickens - Oy
  • The Girl Who Played With Fire (audiobook):  Stieg Larsson - bit of a disappointment...I loved the other two, and it was a mistake to read them out of order, but honestly, I think this one could probably be dropped completely or have at least 30% excised.  Still hoping to meet this Blomqvist guy.
  • * The Kitchen God's Wife:  Amy Tan (inspired by Annapurna, who read it for an English project) It is a testament to how much I enjoyed the story that I was willing to read it on paper.  Helped that I had an upstairs copy and a downstairs one, courtesy of a donation of a spare copy from my mother :-)
  • * The Time Traveler's Wife (audiobook): Audrey Niffenegger - I'm putting this as a *, but it's kind of chick lit, though writers will find it an interesting study, as well - lot of structural and point of view technical challenges handled nicely here.  Actually, I'm not done with it yet, but I'm close enough that I'll claim victory.
Started:
  • Fixing my Gaze: Susan R. Barry
  • Moby Dick: Herman Melville
  • Little Brother: Cory Doctorow
  • Assorted essays from The Best American Science and Nature Writing (2011 edition) -- some quite good.
  • Interpreter of Maladies:  Jhumpa Lahiri  (inspired by Annapurna, who read it for English class)
  • Broken Ballots:  Will Your Vote Count:  Douglas W. Jones and Barbara Simons
  • Harry Potter 4 - with Annapurna and Sidharta - parts
  • The Great Gatsby: F. Scott Fitzgerald (inspired by Annapurna, who read it for English class)
  • Moll Flanders:  Daniel Defoe - still working on it
  • Rakshasa's Ring:  Visakhadatta - still working on it - I read it years ago and loved it...talk about royal skullduggery...it's like Philippa Gregory on steroids
And with Sidharta:
  • Heidi: Johanna Spyri -- surprisingly, he really enjoyed it, though he got bored and abandoned it after 80%
  • Lots of Calvin and Hobbes, as always
  • Lots of his 1000 page tome on Mammals (aka The Princeton Encyclopedia of Mammals), which I got a couple of years ago in a lucky purchase on sale for $20 on one of the outdoors tables at Labyrinth.  It normally goes for about $40...ask me why I know that :-)
  • Lots of Asterix
  • Children's abridged version of Time Machine: H.G. Wells -- he wanted to read it a second time after we finished it - he had read parts of it himself, and wanted to hear it again
  • Some Grimm's Fairy Tales and Yellow Fairy Book
  • Son of Neptune:  Rick Riordan (parts - he read most, himself)
  • The Hobbit:  J.R.R. Tolkien (part - I think the language got a little highfalutin for him)
  • * Robin Hood: (As retold by Roger Lancelyn Green) - one of my all time favorite children's books
And a good chunk of Harry Potter 4 with Annapurna and Sidharta.

And I feel I also deserve credit for having read a couple of additional 1000 page novels by virtue of having watched the Forsyte Saga (seasons 1 and 2), Downton Abbey (seasons 1 and 2) and the Wives and Daughters series :-)  Also a couple of excellent Coursera classes (especially Alex Halderman's Securing Digital Democracy)