Spam Snark
2010
So the Ubuntu 10.04 Desktop window decorations disappeared on a newly-installed - and updated - system. (I wonder if there's a chance the update from the 10.04 LTS install image to the latest bits introduced the problem.)

Anyway, the fix seems to be to run Compiz with the Normal settings.

There is another possibility: I was using the Configuration Editor to tweak logon screen background settings. That might have introduced the problem.
The problem, and the solution for it, are described in this article.
Poor BT4 Performance as Guest OS:: 18-Jul-2010 4:24:18 AM
Running top reveals the problem. It's the artsd daemon.

Killing the process significantly improves performance (artsd cpu load was 84%).

Todo: Need to figure out how to keep the daemon from loading on system boot.
To opt out of Facebook's new "Instant personalization" feature, follow these steps:

1. Click "Account" on the upper right of the menu bar on your Facebook home page.
2. Click "Privacy Settings" on the drop-down menu that appears.
3. Click the "Applications and Websites" link on the Privacy Settings page.
4. Look for the "Instant Personalization" section at the bottom of the page.
5. Uncheck "Allow".
6. When asked "Are you sure?", click "Confirm".

According to the disclaimer in the "Are you sure?" dialog ("Please keep in mind that if you opt out, your friends may still share public Facebook information about you to personalize their experience on these partner sites unless you block the application."), this may not be enough to completely protect your privacy. Best to review all settings, and make sure they suit your needs.

Clicking "Learn more" on the "Are you sure?" dialog takes you to the "Social plugins and instant personalization" help page.

On that page, under the "Instant personalization and partner sites" section, in the answer to the question "How do third party websites instantly personalize my experience?", it is stated that personalization of third-party sites can occur only when you're still logged in to Facebook. Probably means tracking cookies maintained by your browser are going to be used by these applications. It might be wise to log off Facebook when browsing other sites.

Alternately, Internet Explorer 8 has the "InPrivate" browsing feature, which might be useful for avoiding some of these unpleasantries. For example, browse news sites and others where you don't care about or need cookies, using "InPrivate" browsing; then, turn off "InPrivate" browsing when using Facebook and other sites requiring cookies (such as your bank).

In another approach, you could use Firefox for one set of sites, and Internet Explorer for the others. I do this sometimes, though mostly to deal with those sites that apparently think compatibility with Internet Explorer is the Holy Grail of browsing experiences. Not!
For Windows 7 Home Premium:

1. Click Start|Run.
2. Enter "netplwiz".
3. Click OK.
4. Click the Advanced tab.
5. Check "Require users to press Ctrl-Alt-Delete".
6. Click OK.
BT4 Kernel Version:: 21-Apr-2010 3:07:21 PM
BT4 uses Linux kernel version 2.6.29.4
BT3 Kernel Version:: 21-Apr-2010 11:27:52 AM
BT3 uses Linux kernel version 2.6.21.5
Details are found here, but the important steps are:

1. Open regedit.
2. Navigate to HKLM\Software\Microsoft\Windows\CurrentVersion\Authentication\LogonUI\Background.
3. Change the value of the OEMBackground key to "1".
4. Create the directory \Windows\System32\oobe\info\backgrounds.
5. Copy the desired background into the above directory as "backgroundDefault.jpg".

That's all there is to it!

Since I prefer basic black, I created a 64x64 pixel black-filled JPEG, and used that. Boring, I know, but much better (to me) than the *very* disturbing default background.
Running aircrack-ng Suite on Ubuntu:: 17-Apr-2010 2:06:36 PM
When airmon-ng check is executed on the ASUS 1000HE Eee PC I have running Ubuntu 9.10 Netbook Remix, these services are reported as problematic:

avahi-daemon
NetworkManager
wpa_supplicant

To keep these services from starting, I followed these steps:
- Created a backup of directory /etc/init, named /etc/init_backup.
- Deleted the files avahi-daemon.conf and network-manager.conf from /etc/init.
- Rebooted the system.

While one or more scripts could be used to bring these services up, or shut them down, I opted for turning them off completely on the ASUS 1000HE Eee PC, since I'm using that as an attack system.
Possible Fix iTunes Stuttering Problem:: 02-Apr-2010 12:30:56 PM
This might be a fix. Simply, create a batch file with these contents:

start "" /abovenormal "C:\Program Files\iTunes\iTunes.exe"

Todo: Needs testing, with and without ESET disabled.
BT3 Kismet Readme Location:: 22-Mar-2010 9:18:15 PM
Along with source files and other documents, is found in:

/pentest/svn/kismet-devel
Windows 7 "Send To" Directory:: 21-Mar-2010 00:10:45 AM
The per-user Windows 7 Send To shortcuts are located here:

C:\Users\[USERID]\AppData\Roaming\Microsoft\Windows\SendTo
Windows 7 "Quick Launch" Directory:: 21-Mar-2010 00:09:15 AM
Here's where things get squirreled away for either start menu or task bar pinning:

C:\Users\[USERID]\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned
BT3 Hard Drive Installation Procedure:: 20-Mar-2010 3:02:50 AM
Is found here.

Note: To get this working correctly with a three partition setup as described above, make sure lilo.conf is modified so that this line:

root = /dev/sda1

changes to:

root = /dev/sda3

Otherwise, you will get a kernel panic!

Note: To make changes to the lilo boot loader once installation is complete, use these steps:

vi /etc/lilo.conf
mount /dev/sda1 /boot
lilo -v

and then reboot the system.

Update: Installation on ASUS 1000HE using these instructions worked first time through.
BlackBerry 7250 MobiReader Download:: 05-Mar-2010 8:11:41 PM
I downloaded the manual installer mobireaderBlackberry.zip from this location, and installed it using Desktop Manager.

Installation worked first time through, so that was a major improvement over the firmware update.
BlackBerry 7250 Firmware Update:: 05-Mar-2010 17:40:44 PM
Proved impossible to do via Desktop Manager. This link describes using Loader.exe to do the job.

It worked as suggested, though the path to the file is

C:\Program Files\Common Files\Research In Motion\AppLoader

for Windows XP.
Verizon BlackBerry 7250 Support Page:: 05-Mar-2010 3:15:21 PM
Is located here.
ASUS 1000HE Eee PC Registry Tweaks:: 05-Mar-2010 1:10:02 AM
Way too many entries being started via the registry on system boot.

Those I deleted were:

- ALCMTR.EXE - Realtek tray monitor (see this for a description).
- hkcmd.exe - Intel hotkeys utility (described here).
- igfxpers.exe - Intel graphics tray utility.
- igfxtray.exe - Intel graphics tray utility.
- MS Office IME support (IMEKRMIG.EXE, IMJPMIG.EXE, ImScInst.exe, TINTSETP.EXE).
- QTTask.exe - Apple QuickTime system tray lameness.
- RTHDCPL.EXE - Realtek Control Panel applet.
WRT54GLv1.1 Firmware Download:: 04-Mar-2010 11:53:19 PM
Can be found here.
Moving Thunderbird Profile:: 03-Mar-2010 3:46:13 PM
Straightforward to do (pretty much the same as for Firefox):

- Find the profile directory under Thunderbird\Profiles.
- Archive the contents of that directory.
- Extract the files to the new location.

Since I was moving from Windows 7 to Windows XP, I did have to modify the location of the email folders. Other than that, everything seemed to work just fine.
BT4 SD Card Partition Layout:: 27-Feb-2010 3:38:28 AM
Unrar:: 27-Feb-2010 1:40:11 AM
Easiest way to install unrar is:

sudo apt-get install unrar

This will install the command line version of the utility, and also integrate it with the Gnome Archive Manager.
Mounting squashfs:: 26-Feb-2010 4:58:15 PM
For (e.g.) the BT4 distribution on a USB drive, I used:

mount /mnt/usb/casper/filesystem.squashfs /mnt/squashfs/ -t squashfs -o loop
UltraVNC:: 25-Feb-2010 2:29:19 PM
Just installed the UltraVNC server on fussball, and the full package on ramshackle.

I can now remotely administer Kaspersky Internet Security, and perform other sysadmin tasks, without having to run over to fussball all the time to do it.
Backing Up Customized BT4 Distro:: 24-Feb-2010 10:12:33 PM
Maybe... There's a remastersys utility included in the BT4 distribution, which I'm running right now. Since space on the 4GB SD card I'm using to run BT4 is at a premium, I have the files being spooled onto the 4GB USB drive.

Steps followed:
- Insert USB drive.
- If it automounts, unmount it.
- Do a mkfs.ext3 on (e.g.) /dev/sdc1 to create and format the file system.
- Mount the USB drive on (e.g.) /mnt/usb.
- Create a directory /mnt/usb/remastersys.
- Create a symbolic link to it in the /home directory:

cd /home
ln -s /mnt/usb/remastersys

- Run remastersys from the menu. Choose the first menu entry ("Backup Complete System including User Data").
- Note: I had to do an

apt-get install remastersys

after running remastersys from the menu the first time. Since I've not yet gone all the way through the process, I don't know yet if remastersys will reinstall once it's completed.

Update: Here's a progress report of sorts for work done on this last night:
- Once remastersys removes itself during backup process, it's gone. Must be reinstalled to be used again.
- 4GB USB drive too small for remastersys process.
- Used 16GB USB drive formatted with ext3 filesystem.
- Copied custombackup.iso from 16GB drive to NTFS-formatted USB external hard drive.
- Booted to Win7.
- Copied (.iso) file to hard drive.
- Formatted 4GB USB drive with FAT32 file system.
- Used unetbootin to copy (.iso) file contents to 4GB USB drive.
- Booted to BT4 using 4GB USB drive.
- Uses dumb 'n slow X-server.
- xorg.conf not in /etc/X11.
- Copied from 4GB SD card.
- Works fine on X-server restart (ctrl-alt-bkspc).
- Changes are lost on OS reboot.

Update: All of the above was way too complicated, with no certainty of success. So, I used partimage to back up the BT4 partitions. Next up will be restoring them, most likely to my 4GB USB drive.
XAMPP Security and WordPress Access:: 24-Feb-2010 1:50:41 PM
I changed the XAMPP security levels so that MySQL and phpMyAdmin were password-protected. Once I did that, I couldn't get to my WordPress weblog anymore.

Turns out that a change to c:\xampp\htdocs\wordpress\wp-config.php, described here, was required. All that was needed was changing define('DB_PASSWORD', ''); from an empty string to the MySQL password.

Update: Moving to a server isn't quite as simple as I first thought. In order to correctly access the pages, I needed to change WordPress settings so that the server name was used instead of localhost.

Further, both Windows XP and Kaspersky Internet Security 2010 firewalling are turned off so I can access the pages. Very risky security-wise, and in need of fixing before too long.

Update: Windows XP firewall was blocking access to Apache (I guess), since leaving it off - and Kaspersky Internet Security 2010 on - left me with a more secure server environment, and access to all XAMPP features.
NVIDIA Drivers for BT4:: 24-Feb-2010 4:42:32 AM
Out-of-the-box graphics performance for BT4 running KDE on my Acer 4530 was pretty slow. Turns out the latest proprietary NVIDIA drivers (version 190.53) install and run beautifully.

Update: Although all other changes I've made when booting a persistent BT4 image have been kept across sessions, the NVIDIA-modified /etc/X11/xorg.conf keeps getting replaced with the much-slower default version. I need to figure out how to fix this.

Update: This post mentions the dexconf utility being used. Sounds like the culprit.

Update: Renamed dexconf to dexconf-no, restored NVIDIA-version xorg.conf, and BT4 is now consistently using the NVIDIA drivers. Problem solved.
Since the Offensive Security "BackTrack WiFu" course is still using BackTrack 3, info on creating a persistent data partition for that distro is needed.

A comprehensive discussion can be found here.
Kismet Config on ASUS 1000HE Eee PC:: 21-Feb-2010 4:38:30 PM
For BackTrack 3, with the ALFA Networks adapter:

- Change "source=" line in /usr/local/etc/kismet/kismet.conf to "source=rt8180,ra0,ra0".

For Ubuntu 9.10, using the built-in wireless chipset:

- Change the "source=" line in /etc/kismet/kismet.conf to "source=rt2500,ra0,ra0".

Encrypting Personal Data:: 21-Feb-2010 5:35:43 AM
I've been using AxCrypt to secure personal data for a number of years, and have been pretty happy with it. A little glitchy under Vista and Windows 7, but otherwise a great choice.

Now that I'm using Ubuntu on my netbook, I've been investigating other personal data encryption tools. One I've found that I really like - in fact I'm in the process of switching over to it right now - is KeePassX.

It works very nicely under both Windows 7 and Ubuntu 9.10, plus there's supposed to be a port to Windows Mobile 6.x. If there is, it would be great to have it running on all three platforms.

In addition there's the option for running the program from a flash drive, so I can move it around without having to install extra software, which is another disadvantage of AxCrypt.

Update: Turns out I was a little behind the times with AxCrypt. Later versions do support Windows 7, very nicely in fact. Since TrueCrypt is another method of encryption I'm investigating, I've tabled KeePassX migration.
To open lock and reset combination:
1. Align to factory preset combo (0000).
2. Pull out the right side of lock.
3. Turn the black dial on the right side of the numbers 90 degrees clockwise until it clicks and cannot turn further.
4. Select your new combo by aligning the numbers with the white align mark on the left side of the numbers.
5. Turn the black dial counter-clockwise back to its original position. The new combo is now set.
Lightweight URLs:: 20-Feb-2010 4:04:22 PM
Here are links to minimalist or mobile versions of some of the websites I frequent:

Movies
- West Boylston Cinema

Networking
- Facebook
- LinkedIn

News
- Drudge Report
- Fox News

Other
- Amazon
- LDS Stake and Ward Website Login
- Google Maps
- Wikipedia

Weather
- AccuWeather
- Weather Underground
Windows XP Welcome Screen Tweak:: 20-Feb-2010 2:45:04 PM
Follow these steps to add Administrator to the list of users displayed on the welcome screen:

- Open regedit.
- Go to HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList.
- Create a new REG_DWORD key named "Administrator".
- Assign it a value of "1".
- Close regedit.
- Reboot the system (not sure this last step is really needed).

To remove, just change the "1" to a zero ("0").

A detailed description of this procedure, and some other nifty tricks is here.
In general, refer to the excellent instructions here.

- Use ImgBurn to create ISO of recovery DVD
- Expand WINPE.ISO to (e.g.) C:\EeePC
- Extract and copy EEEPC-ENG.GHO to C:\EeePC
- Edit C:\EeePC\I386\SYSTEM32\WINPESHL.INI by changing

[LaunchApp]
AppPath = X:\EPCRecover.exe

to

[LaunchApp]
AppPath = X:\Ghost32.exe

- Format 4GB USB drive using NTFS(!)
- Use PeToUsb to copy C:\EeePC contents to USB flash drive
- Boot USB drive on EeePC
HP iPAQ 212 Hard Reset:: 15-Feb-2010 6:08:11 PM
Instructions for soft and hard resets are to be found here.
XAMPP for Windows:: 15-Feb-2010 6:06:57 PM
The official site is found here.
Boost Mobile as Laptop Modem:: 15-Feb-2010 5:56:20 PM
Drivers for the Motorola i290 are at this location. Note that these drivers are specific to Motorola's iDEN phones.

Configuration info is here. All I needed to access the internet using these instructions was setting #777 as the phone number.

I haven't seen where I've been billed for the (short amount of) airtime I've used accessing the internet.
Multiple ways to create a partition for persistent data are covered here.
Follow the instructions here.

Don't need to worry about Nessus right now, so hopefully a 4GB flash drive will be sufficient.

Update: The key element to getting persistence working is to make sure that the partition for changes is formatted like so:

mkfs.ext3 -b 4096 -L casper-rw /dev/sdb2

This is per the instructions linked to at the beginning of the article. And, it turns out that a 4GB SD card is more than enough for the BT4 files and the persistence partition, without Nessus installed.
Follow the instructions here.

Note that dmesg will display a number of configuration file errors once ifconfig ra0 up is run. I haven't looked at these in any detail yet.

Update: This post in the above-linked thread provides a script-based solution, which I've modified to connect to the home AP.

Works great!
Remove the battery, and look for the sticker underneath. A sticker with Bluetooth info is also located under the battery.

Specs for my 1000HE wireless are:
- Manufacturer: AzureWave.
- Part number: AW-NE766.
- FCC ID: MSQEPC1000H.

FCC data for the system are here.

Update: Booting to the BT4 console and running lspci gives this ID string:

01:00.0 Network controller: RaLink RT2860

while booting to the BT3 console and running lspci gives:

01:00.0 Network controller: RaLink Unknown device 0781
2009
It's Not What, It's How:: 01-Feb-2009 8:56:25 PM
There's an interesting truth in this article, and it is that Wikipedia should be considered only the first point of investigation in researching a subject. Book-based study - lots of either print or electronic book-based study - must follow initially getting familiar with the subject using a source like Wikipedia.

However, it does not hold that all information sources on the net are inherently error prone, or that all printed material is completely reliable.

A couple of examples:

1. If I want information on the history of the battle of Okinawa, I can conduct in-depth research online. The government has many resources available, and there are others, as well. In fact, I downloaded the PDF version of a book on this subject - originally published in 1947, I think - from the Government Printing Office. It was only after I'd spent some time with the online version, that I decided to get the printed one.

2. While bogus information about celebrities or politicians can be found on Wikipedia or similar sites, there are also tons of reliable or at least informative sites around. Every politician in the U.S. has an official website, as do most individuals enjoying celebrity status. There are also fan sites, online news and critical sites, etc.

The most important thing I got out of reading this article is that the straw man logical fallacy is not dead. It is alive and well in the minds of those who feel that students are dumbed down because of their use of internet resources, when it seems - from the information presented in this one article, at least - that the fault lies with the teachers, professors, and experts, who consider this the case.

Those who are mentors will not fail to grasp the opportunity the net provides for teaching their proteges. The mundane and fearful will miss the boat, both with the student and net. They are quick to place blame on others - the invisible faces of the net - while not accepting a jot of it for their own weakness.

If there is a "short-cut culture", a cut and paste society, where are the guides for the rising generation, who will show them the qualities and deficiencies of online resources?

Regarding printed material, it is not the case that all books are created equal. In my years as a computing professional, I have read technical texts that have run the gamut from punditry to advanced technologies. I've read - and in a couple of cases, tossed - books that have been of inferior quality, as regards either layout or accuracy, or both.

The same is true with some of the history texts I've read, though the irritant there more often than not has been the agenda of the author.

Another example of caution with print books is the maxim I've formed over the years of not reading most fictional works' introductions, which are generally self-serving bits of polemic against the very works being introduced.

Better in these cases to call them "criticisms", and put them in their own book. But that wouldn't sell very well, would it? (I think "Finding Forrester" treats of this subject very well.)

This article is based on an email I sent to a couple of family members. Most emails I send do not contain much in the way of commentary. I made this the exception because I wanted to prove that a mini-essay about an online article - which contains at least one debatable point - could be done in fairly short order, without resort to any other source but my own recollection and critical thinking skills.

This last, critical thinking, is something that has been left out of the curricula of most schools for quite some time. C.S. Lewis addressed this years ago, in the "Chronicles of Narnia" ("My heavens, what are they teaching in schools these days?"). It has only been getting worse in the decades since he penned his works.

The irony is that the original Internet, especially its newsgroups, was considered the new public forum. The World Wide Web, while it has its risks, has only improved the situation.
Linux Screen Modes:: 13-Jan-2009 5:18:37 AM
A detailed list of Linux screen modes is nicely tabulated in this Wikipedia article: VESA BIOS Extensions.
Need A Twisted Pair To Get There:: 07-Jan-2009 2:47:58 PM
So the Synergy bootstrapping discussed earlier doesn't work as advertised once the system's rebooted.

The changes I made only work if network connectivity is already established. That's an of course, given that Synergy relies on a network connection, but not the case in my current wireless-only configuration.

The result is that I have to log on for the wireless connection to be made, and then I can start Synergy.
Bootstrapping Synergy:: 07-Jan-2009 5:19:19 AM
The next big thing with Synergy was getting it to automatically start.

For Windows, this was a simple trick: Just click the Synergy dialog's AutoStart button.

Linux is another story. The Synergy project's Autostarting link gives some help, but is really too confusing. I did some searching, and found this discussion: Autostart Synergy w/Sudo.

After some testing, the solution I settled on was editing /etc/gdm/Init/Default and /etc/gdm/PreSession/Default to include the line "/usr/bin/synergyc hostname" just before the exit statement at the end of each file.

That seems to have done the trick!
Why Synergy Didn't, And Why It Does:: 06-Jan-2009 7:15:45 PM
Stacking a keyboard on top of a closed-lid laptop, and then reversing the steps, whenever I wanted to switch between systems in a limited-space environment, was getting to be a real pain.

Then I remembered Synergy. It has binaries for both Windows and Linux, so retrieving and installing it was simple. The biggest problem was getting the Linux client to see the Windows server.

Pinging the Windows system showed the problem: DNS was resolving external systems before local ones. I wasn't sure on how to correct the problem, but searching quickly got me to the solution: How to resolve hostnames in linux.

Now I'm pleased to have both systems sharing a single keyboard and mouse.
2008
Monstrous Slowdown:: 21-Sep-2008 2:51:22 AM
I ran into a problem where clicking on the folder icon for my staging directory would cause Windows Explorer to display the hourglass cursor for several seconds before the contents of the directory were displayed.

After some experimentation, I determined that it was because of the Boost archive in the directory. Once I moved the zip file to a subdirectory, things sped right up.

I don't know if there's a way to control the obvious traversal of the archive by Windows Explorer - presumably using WinRar, which is what I have installed for archive management - but it'd be nice to eliminate it without resorting to a fairly lame workaround.

Update: TuneXP has a "Disable ZIP folders" option. It sort of works, but has some weird side effects involving default zip file associations.
FLD? FSTP? CCCCCCCC?:: 14-Sep-2008 5:17:23 AM
Doing some examination of code produced by a couple of compilers today, I ran across a couple of oddities:

1. Insertion of FLD/FSTP pairs in startup code for both MSVC and Watcom compilers.

Apparently this is a well-known optimization trick, used to do a quick 8-byte copy into a memory location. It's supposed to be faster than MOVS for the 8-byte copy, and handy when all the registers needed for a MOVS are in use.

See this bug report for a good explanation.

2. Also noticed that code sequences like this:

lea edi, [ebp+var_12C]
mov ecx, 48h
mov eax, 0CCCCCCCCh
rep stosd

occur frequently in MSVC-generated executables.

Did some checking, and came across this article: Troubleshooting Common Problems with Applications: Debugging in the Real World.

In the article, four code patterns are shown:

0xFDFDFDFD ; No man's land (normally outside of a process)
0xDDDDDDDD ; Freed memory
0xCDCDCDCD ; Uninitialized (global)
0xCCCCCCCC ; Uninitialized locals (on the stack)

The one I'm seeing is where memory is allocated on the stack, but not initialized.

Interesting tidbits.
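
The stack fill and the four fill values described above, as an added example that is not from the original post or the article it cites: the C below emulates the rep stosd sequence (ecx = 48h, eax = 0CCCCCCCCh) on a simulated frame, writes two locals, and then scans the buffer for runs of aligned dwords that still hold a fill value. The function and struct names and the local-variable offsets are hypothetical; the pattern labels are the ones listed in the post.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Fill values and labels exactly as listed in the post above. */
struct fill_pattern { uint32_t value; const char *label; };
static const struct fill_pattern PATTERNS[] = {
    { 0xFDFDFDFDu, "no man's land" },
    { 0xDDDDDDDDu, "freed memory" },
    { 0xCDCDCDCDu, "uninitialized (global)" },
    { 0xCCCCCCCCu, "uninitialized locals (stack)" },
};
#define N_PATTERNS (sizeof PATTERNS / sizeof PATTERNS[0])

#define FRAME_DWORDS 0x48u            /* ecx in the listing above */
#define FRAME_BYTES  (FRAME_DWORDS * 4u)

/* One run of consecutive aligned dwords that all hold the same pattern. */
struct fill_run { size_t offset; size_t dwords; int pattern; };

/* C equivalent of: mov ecx, count / mov eax, value / rep stosd */
void emulate_rep_stosd(uint8_t *edi, uint32_t value, size_t count)
{
    for (size_t i = 0; i < count; i++)
        memcpy(edi + 4 * i, &value, sizeof value);
}

/* Index into PATTERNS for the dword at p, or -1 if it is not a fill value. */
static int classify_dword(const uint8_t *p)
{
    uint32_t v;
    memcpy(&v, p, sizeof v);          /* avoids unaligned access */
    for (size_t i = 0; i < N_PATTERNS; i++)
        if (v == PATTERNS[i].value)
            return (int)i;
    return -1;
}

/* Scan buf in 4-byte steps; store up to max_runs runs, return total found. */
size_t find_fill_runs(const uint8_t *buf, size_t len,
                      struct fill_run *out, size_t max_runs)
{
    size_t found = 0, i = 0;
    while (i + 4 <= len) {
        int pat = classify_dword(buf + i);
        if (pat < 0) { i += 4; continue; }
        size_t start = i;
        while (i + 4 <= len && classify_dword(buf + i) == pat)
            i += 4;
        if (found < max_runs) {
            out[found].offset = start;
            out[found].dwords = (i - start) / 4;
            out[found].pattern = pat;
        }
        found++;
    }
    return found;
}

/* Constructed sample: a 0x48-dword frame filled like the MSVC prologue,
 * then two locals written at made-up offsets. */
size_t demo_scan(struct fill_run *runs, size_t max_runs)
{
    uint8_t frame[FRAME_BYTES];
    int32_t counter = 42;

    emulate_rep_stosd(frame, 0xCCCCCCCCu, FRAME_DWORDS);
    memcpy(frame + 0x10, &counter, sizeof counter);  /* an int local */
    memcpy(frame + 0x40, "admin", 6);  /* 6 bytes of a 16-byte char buffer */
    return find_fill_runs(frame, sizeof frame, runs, max_runs);
}

int main(void)
{
    struct fill_run runs[8];
    size_t n = demo_scan(runs, 8);
    for (size_t i = 0; i < n && i < 8; i++)
        printf("offset 0x%03zx: %zu dwords of %s\n", runs[i].offset,
               runs[i].dwords, PATTERNS[runs[i].pattern].label);
    return 0;
}
```

The scan works on whole dwords, so the two 0xCC bytes left after the string terminator at offsets 0x46 and 0x47 fall inside a gap rather than a reported run; the rest of that char buffer, from 0x48 on, shows up as still uninitialized.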
Accidentally Ashley:: 28-Mar-2008 10:58:44 PM
Another scam-bait, and probably the last one for a while.

This document shows the BG Group scammer at work (if "work" is the right word), and my dual-persona baiting attempt.

Supporting documents will stay off line, since I don't want the clueless to get any.
Baikal Bogosity:: 17-Mar-2008 9:28:58 PM
I recently got email for a "transactions specialist" position. A bogus opportunity, no doubt, but one of the better phishing attempts I've had land in my inbox.

Acting as a potential employee, I scam-baited the so-called Baikal Investment company: This document chronicles my efforts.

Note: If you've ever gotten an email from GaloTrust, RRH Financial, or Elbrus Trust & Fund, you've been dealing with the same phishers. Accept nothing from them as sincere or legal.
Scam baiting:: 12-Mar-2008 2:45:31 PM
Since I'm still in the job market, I've been poking at a number of different projects. One I've undertaken is a little scam baiting with the supposed "Baikal Investment" group.

I was thinking about joining one of the scam baiting groups, but after reviewing some of the trophies they've collected, I've decided against it. In addition to running the gamut from crude to outright offensive, the photos reveal a malicious streak in the baiters. I think a little more honor among the honorable is in order.

Law enforcement and judicial types could never get away with the kind of things being done to humiliate the perps; I see no good reason to follow a bad example.

Good Wikipedia link on the subject is here: Scam baiting.
Hard on the Heels:: 20-Feb-2008 6:29:27 AM
Only a couple of hours since my last post, and this article appears: Police: Alabama Sex Offender Poses as Teen, Takes 14-Year-Old to School Dance.

How did the two originally meet? Online interaction? In person? Does it matter? Notice the reporting of this as a case where a sex offender, not an "internet predator", or a "pedophile", was caught.

Aforementioned article be hanged for playing with words. Good thing real people in the real world (hat tip to the school faculty, and the local police) observed and dealt with a real problem.

Please note also, no polling of students was done to see what their interpretation of events was.
Somewhat Pregnant:: 20-Feb-2008 4:00:39 AM
During my perusal of the Drudge Report today, I ran across a link to this article: Fears of Internet predators unfounded, study finds.

At the risk of being subjective...

Oh, to heck with it. I'm going to be subjective. After all, the article is. Let me show some examples:

"A lot of parental worries... are unjustified".

Therefore, most of - but not all - a parent's concerns about their child's safety while on the net can be swept under the carpet. What percentage of the time should I worry about my teen's being approached by predators?

"Actually, internet-related sex crimes are a pretty small proportion of sex crimes that adolescents suffer".

Well, this is progress. We've gone from worrying about something that might happen to something that does happen. But we should cheer up, because it's a relatively small percentage. (Fallacy alert: All three studies Wolak refers to are conducted by the same research center.)

Next? Youth surveys. Two of 'em. Same kids? Probably not.

Going with the assumption that we're dealing with a total of 6000 kids over the course of six years, I guess parents are supposed to collapse under the sheer weight of numbers.

Not so. I think parents would be better served if more investigators had been surveyed. After all, they're the ones on the frontlines, trying to catch the perps, hopefully before any crime's been committed.

If, as the first bulleted item in the article states, sex assaults on teens have dropped 52% in the twelve years from 1993 to 2005, I think it can be attributed to two things:

1. The Net, Baby! Hey gosh, that's right! The world-wide web (not to be confused with the Internet, which we all know Al Gore invented), really started cranking in the 90's. More kids stayed inside because of this. Less opportunity for dirtbags in cars and on the hoof to walk up to kids on the street with ye olde candy or gimme directions lures. Such scum had to reinvent themselves. And so they did, once they realized the 'net was the new street. (For an example, see Pedophile Playground Discovered in 'Second Life' Virtual World.)

2. Law enforcement prevails. Once the scum of the earth types started victimizing kids online, law enforcement agencies at all levels - federal, state, and municipal - began to respond. And, they've responded well. (See Ex-cop helps nab online predators for an example of a really dedicated officer!)

In addition to determined effort, law enforcement's reach has significantly increased. This is a necessary response to the cross-the-border nature of internet crime. Lately, there's been evidence of high levels of cooperation amongst various domestic and international law enforcement agencies. (Christopher Neil's a good example of a pedophile run to ground this way. See Thailand nabs Canadian pedophile suspect.)

Deep breath, and back to the article's subjective quotes...

"The Internet may not be as risky as a lot of other things that parents do without concern, such as driving kids to the mall and leaving them there for two hours."

Dude, get off that crack pipe you're on. Do you even have any kids? Whether or no, do you come factory supplied with a special "Woot! I'm not worrying about the kids!" switch? All the parents I know don't.

Sure, we let our kids go to the cinema, or the mall, or to a friend's house. Most always with an injunction to be good, and most times laying down in pretty certain terms just what that means. ("Behold, I am Wolak, and I live in the land of 'Not Ever Grounded'!")

Terminology soup, or "internet predators" vs. "pedophiles".

In "Aliens vs. Predators", the big contest was between, well, the aliens and the predators. But who was caught between? Yup, the crunchable, snackable, expendable humans.

The fallacy of the "internet predators are pedophiles" belief is about as consoling to children (by which I mean "those who have not yet reached their majority", thank you very much) who are victimized, as it is for humans to be either snacked on or spine torn in "AVP".

Further, doesn't it seem ludicrous to gabble about semantics, when the central issue here is abuse? Parents are concerned about harm coming to their children, no matter the child's age or maturity level, and no matter the means whereby the crime is committed.

Which leads to the next gem: "most internet-linked offenses are essentially statutory rape".

Is this supposed to be another consolation of some kind? Rape is a crime, regardless of how it's committed, the age or relative innocence of the victim, what circumstances lead to the rape, etc. Watering down rape because it's only "statutory" leads down the same revisionist path that gets people believing there was no Holocaust (yes, with a capital "H", because there was one).

Hey, Wolak! Try this experiment: walk into a rape clinic (which I'll bet you didn't do for your study), and try to console one of the teenage victims with the it was only "statutory" line. See if you're able to walk out of the building alive after that jackass approach to helping.

More mumbo-jumbo (aka "Incoming!"). This time the semantic dodge is that "[m]ost victims meet online offenders face-to-face and go to those meetings expecting to engage in sex".

Well, of course they went for that reason. But let's talk a moment about the way a misunderstanding on the parent's part is involved. Quoth bullet the fifth: "Internet predators trick or abduct their victims." This is supposed to be the falsehood to which parents so desperately cling.

Beg pardon, sirs and madams, but a minor who is told one thing about their upcoming sexual escapade, only to find themselves in a very different situation, has indeed been "tricked". It's called lying, and it's what sexual predators do to lure victims into their traps.

Like I said before, the lures used to get kids close enough to the car or alleyway once upon a time were candy or asking for directions. Now, it's bogus information on a social networking site. It's all one, and it's all trickery.

If that child gets into a car, on a plane, takes the subway, or in some other wise moves outside their normal routine and activities to meet the predator, the mere fact of their doing it doesn't change another fact, which is that they were tricked into doing so.

Further: if the predator meets said child, and then said transportation is used, it is an abduction.

"Only 5 percent of predators..." "...meet their victims by posing online as other teens".

Let's talk about that number for a moment, shall we? While the overall percentage of perps doing this may be small, consider how many more potential victims can be reached with social networking tools such as MySpace and Facebook.

This article, Sexual Predators on Facebook, points to the problem in a general way. Its greatest value probably lies in the comments section. The second responder (who ironically enough links to the DOJ's joint work with CCRC on the issue of predators using online social networks to find victims) refers to a Wired article which states that a previously convicted sex offender was found to have a MySpace account with "nearly 400 friends".

Think about that for a moment. Let the number sink in. Breathe deep, and chant with me: "It may only be 5 percent, but look at how much harm can be done by that 5 percent!" Repeat as needed.

The sixth bullet is the one in the chamber the redneck forgot about, while looking down the barrel of the gun to see if it was loaded.

Way back in the day (as the saying goes), parents used to warn their kids against talking with strangers. If we take this bullet the sixth and change it, like so: "Don't talk to strangers!", we come closer to truth, to something axiomatic, than to a fallacy.

The interaction's being online, or the fact that many teenagers (especially) are naive enough to give information to those who cannot be trusted with it, means nothing. Being careful in dealings with others is hardly a paranoic response to life's day-to-day challenges. If my antivirus program tells me a program I've just downloaded is infected with the burn.my.butt virus, am I not wise to hearken, and delete said nastiness?

Until the day comes that minors (there's that telltale oh-look-I-have-a-job-to-do term again) can by themselves discriminate the just from the unjust, the wicked from the good, the wise from the fool, then the maxim stays, "Don't talk to strangers!".

Funny that, for the last bulleted item, Wolak doesn't mention the big "D", for divorce. I think that's probably one of the main contributors to adolescent insecurity.

This final bullet is also misleading, because it tries to fool the reader into generalizing about sexual predators. There's no good bell curve to be looked at when thinking about an issue of this magnitude. Predators go after whomever it suits them to go after. Whatever the deep psychic scars or childhood trauma suffered, however the modus operandi developed, predators are by nature intent on finding their prey.

Parents are the first and best defense against such predacious behavior, and this study is the latest in bad advice on the subject for them. (However! The CCRC's Internet Safety Education for Teens: Getting It Right factsheet is a valuable tool for discussion with teens.)
2007
Missing The Point.:: 20-Dec-2007 12:00:05 PM
Speaking of articles, this one raises some issues: US Regulators OK Google-DoubleClick Deal.

Guess we should be thankful that regulators are so concerned about who makes how much money, eh?

The facts that DoubleClick injects targeted advertising into web pages, or that unauthorized data collection is being done in the process, don't matter, do they?

Google may be the juggernaut that runs over Microsoft, but I wonder about the expense, in terms of privacy.
Because I Can. Because I Did.:: 26-Sep-2007 4:23:33 PM
Just read this Fox News article: 'Facebook Suicide' Only Way Out for Some Web Addicts.

Of great interest is the fact that Facebook (and obviously other services, like MySpace) is *costing* a significant number of people relationships, as opposed to building them. Another point worth considering is that predatory behavior is not discouraged. A final point is that one’s past can come back to haunt you. The best case scenario in this respect is where old memories are dredged up, and the worst case is that prior detrimental relationships are renewed.

I’d like to address that latter point from a personal perspective. Someone I know from a long time ago invited me a few weeks ago to be friends on Facebook. We used to hang out together. We had some cool times: We were in a band together, went to school together, and the like.

There were also some bad things we did, both when we were in school, and after graduation. I won’t go into sordid detail, but I will tell you that all those memories came flooding back when we started an email communication prior to my accepting his offer of renewed *online* friendship. I was at first inclined to reject the offer, but something – guilt feelings, maybe – decided me in favor of accepting.

I will be quite honest in saying that I don’t think I’d spend a lot of time hanging around with this person if they were in the area. We’ve gone on different paths; I have a different ideology, and an excellent set of friends to go with it.

More to the point, as far as I’m concerned, is the fact that I have a wonderful wife and family. The in-person *live* relationships I have with my wife and children, as well as many others, are much more important than any virtual ones.

It’s interesting that I read this article today. It reinforces an idea I’ve been mulling over since Monday night, and that’s pulling the plug on my Facebook account.

I have been a user of different online services – BBS’s, corporate networks, newsgroups, and the like – since the 80’s. Every once in a while, I’ve gotten tangled up in some aspect of being online that’s been initially fascinating, and after a while left me jaded. Once I reached that point, I would simply walk away from whatever novelty du jour was being served up, and get on with a normal life.

I feel the same way now, with Facebook.

I think I’ll flatline my account, and rejoin the living. I encourage you to do the same.
Got the usual bill from Comcast a short while ago. In an ironic but typical twist, the company that's providing my digital internet service sent a paper bill out with a number of printed inserts. The following caught my eye:

Front:

Back:

There are some serious problems with this bit of trash.

1. What's up with use of the term "smarmy"? I'm a huge fan of a well-rounded vocabulary, but I like using the right terms in the right context. I would not describe hackers, phishers, and their ilk, as suave or ingratiating, would you? Didn't think so.

2. I have a hard time figuring out how our heroes can be two steps ahead of the bad guys, while doggedly tracking them down. Sounds to me like someone's running in circles. Not the kind of people you'd want protecting your computers, right?

3. In the interests of honesty and disclosure, McAfee and Comcast should admit that both vendors spend a huge amount of time assessing and responding to new threats. It's doubtful that McAfee's two steps ahead of the competition, and I'm pretty certain they're not keeping up with those nasty online predators.

4. Hackers don't run from antivirus companies. Rather, they love finding ways to sidestep, break, or even commandeer antivirus and internet security programs.

5. Presumably, McAfee and Comcast abide by the rule of law. With that being the case, they can't retaliate to online attacks by initiating their own. Domestic law prohibits such a course of action. Likewise, ethical hackers deplore use of such measures.

6. "Predators become the prey". Yes, this brave new electronic world of ours is strictly Darwinian in nature. Man rises up intelligent from his fire! With nobility crowning his brow - and flint-headed spear in hand - he smites the evil sabertooth!

Huzzah!

No, I don't think so. While McAfee and Comcast would like us to think that they are the guardians of the electronic frontier, they are not. We are entrusted with our own defense. These vendors provide tools, nothing more.

Lots of polemic for such a small piece of paper, but consider: Protection from the worst elements of the online community is being used to promote a partnership between two vendors, with the customer as the supposed beneficiary. Careful consideration leads to the conclusion that we are being asked to trust our data - our electronic wellbeing, as it were - to strangers.

Honestly, are either of these two companies more familiar - or trustworthy - than the plaguey types spamming the ether? Does name recognition really guarantee security? What track record do McAfee and Comcast have, together and individually:

1. Explaining risks associated with using the internet?

2. Stopping online attacks?

3. Successfully prosecuting hackers caught attacking systems they protect?

4. Honoring the contract they create with ad copy such as this?

5. Recompensing those whose systems are compromised when failure occurs?

Rhetorical questions all, but ones that a consumer should have an answer to before deciding to jump at this "great offer".
Responsible Software Development:: 13-Aug-2007 10:33:00 PM
Look, here's the deal. Computer users' inboxes are getting flooded with spam, their systems run a high likelihood of being infected with malware, and pond scum over across the way are running a constant series of phishing attacks, trying to lure them into surrendering their data - and money!

Most of the folks I know have lives outside their computers. They either can't or won't be bothered with obtaining the level of education and proficiency needed to secure their computers. They depend on experts to help them wade through the mass of confusion, usually after a computer's been compromised.

A fully-informed user base is an ideal that will be years in coming, if it happens at all. If it's going to happen, we're going to need a revolution in the user experience. Raising user awareness of the risks they run with each and every computer interaction needs to be built into applications from the ground up.

Before I get into a discussion about how this can be achieved, I want to lay down some ground rules:

Rule 1. Users need to educate themselves on the risks and benefits of the systems and applications they rely on.

Rule 2. Vendors and developers are responsible for providing that education.

Rule 3. Developers cannot afford an elitist's or purist's attitude about their abilities and responsibilities, insisting that user interface design and software security are not central considerations in the design and development of software.

I say this for a couple of good reasons:

- You will be owned. That's right, there's always an opening in your code. And, there's always someone eager to find and exploit it. Look at the burgeoning growth of security-related books. Used to be just a few books out there, now it's a franchise. Most texts make great cookbooks for security consultant types and managers, but they also function as superb howto's for blackhatters. Not everyone who reads these is your friend.

- User-friendliness in the application and web security space is going to win and keep customers. Blatantly ignoring the need to protect the customer's data and privacy will result in lost business and lost jobs. Worse, at least in my mind - and hopefully yours - is the loss of reputation software developers everywhere will suffer.

Rule 4. Developers must add user interface expertise to their toolkit. Any time a user is faced with a decision about whether or not they should commit to an action, the cues on how to correctly do so should be available.

This may sound cumbersome, but it's really no different than getting on the highway and going to work each morning. Nothing about that morning commute is implicit. At some point in time, you figured out the route, the amount of time it would take, the bottlenecks in traffic, etc. Before you venture out each day, you follow a basic routine: get in the car, start the engine, check the mirrors, buckle up, and so on. Signs are posted all along the way, reminding you of your legal obligations, your travel options, and distance traveled. The list goes on.

The point is this: You get on the road for work expecting things to work a certain way. You're conditioned to observe and respond in a specific manner to these external stimuli. After all these years of doing it, you probably don't think about it. Regardless, the rules must be observed, the signs are there to remind you, and work is constantly going on to improve conditions.

Working with computer applications should be no different. Users should feel like the so-called information highway's a pretty safe place, in spite of all the traffic. The fact that there are signs posted all over the place to help them keep in mind the opportunities and obligations they have should barely even register.
Copyright © 2010 Ken de Montigny. All rights reserved.