January 2008 - Posts

• The Spyware Nightmare

  My parents, who remain spry and sharp well into their 70s, are wise in the ways of the real world, but are like innocent lambs when it comes to the increasingly nasty practices one encounters in the online world. On a recent visit, my father complained that his computer was sluggish and that his browser was doing weird things, such as taking him to some pretty unsavory sites when he merely clicked on a link in an otherwise-normal Web page. The symptoms sounded all-too-familiar, and when I scanned his machine I found what I suspected: it was infected with over 100(!) examples of various types of malware, the now common generic term for malicious software such as viruses, Trojan horses, and spam. The worst offender in my father's case was spyware, a plague upon the earth that threatens to deprive a significant portion of the online world of their sanity. As often happens with new concepts, the term "spyware" has become encrusted with multiple meanings as people attach similar ideas to a convenient and popular label. However, spyware is generally defined as any program that surreptitiously monitors a user's computer activities — particularly the typing of passwords, PINs, and credit card numbers — or harvests sensitive data on the user's computer, and then sends that information to an individual or a company via the user's Internet connection — the so-called backchannel. Linguistic proof of the cultural impact of spyware is the large number of synonyms that have popped up in the past year or so. These include sneakware, stealthware, snoopware, trackware, thiefware, or, tellingly, scumware. A spyware program is also sometimes called an E.T. application, because it "phones home" to secretly send data to an online destination. Many people also use the term adware as a synonym for spyware, but that's not strictly accurate. It's true that some spyware programs do nothing but disgorge ads, but these are usually popup windows (by the dozen) for porn sites. The term "adware" is properly used to refer to any program that displays ads with the user's consent. Of course, the notion of "consent" is a slippery beast these days, and many companies that claim to have a legitimate adware-based business model undermine that legitimacy with confusing, misleading, or simply non-existent consent forms. That's why adware has managed to foist itself on millions of computers, and why, in May 2005, the Los Angeles Times reported that adware has become a truly big business with between U.S.$500 million and $2 billion a year in sales. So it's no wonder that adware firms protest when they get lumped in with spyware purveyors in antispyware programs. In fact, some antispyware companies are being sued by firms who object to their products being tarred with the "spyware" label. These legal threats may be why spyware-scrubbing companies such as McAfee now use the more generic term potentially unwanted program — or PUP — to refer to any program that a user may not want on his or her system, despite the possibility that he or she consented to download it. The problem of consent — or, really, the lack of it — is the reason why spyware is such a huge problem. These programs piggyback on other legitimate programs that users actually want to download, such as file-sharing programs, download managers, and screen savers. This is most often called a drive-by download, the downloading and installation of a program without the user's knowledge or consent. This is closely related to a popup download, the downloading and installation of a program after the user clicks an option in a popup browser window, particularly when the option's intent is vaguely or misleadingly worded. Among the most common of the drive-by downloads is the browser-hijack where the sneakware replaces the user's home page, alters other browser settings (including crucial security settings), and redirects searches and some URLs (such as the addresses of antispyware companies) to the spyware vendor's home page. Some of these browser hijackers even initiate other drive-by downloads to install more malware on the user's computer. Spyware would be less of a problem is users could easily uninstall it from their systems. Unfortunately, most spyware embeds itself deep into a system and removing it is a delicate and time-consuming operation beyond the abilities of even experienced users. Some programs actually come with an "Uninstall" option, but it's nothing but a ruse, of course. The program appears to remove itself from the system, but what it actually does is a covert reinstall, where it reinstalls a fresh version of itself when the computer is idle. This reinstall is most often accomplished by a trickler, a small program that remains running on the system and handles the download of new files without the user's knowledge. Spyware that constantly rises from the dead is called Kruegerware, after Freddy Krueger of Nightmare on Elm Street fame. Unfortunately, it seems that our spyware nightmare is only just beginning. This post appeared originally as my Technically Speaking column in the August 2005 issue of IEEE Spectrum. Posted Jan 25 2008, 04:08 PM by Paul with no comments Filed under: Neologisms, Technically speaking

• Bluetooth Cavities

  As I'm sure most of you know, Bluetooth is a wireless networking standard that uses radio frequencies to set up a communications link between devices. The name comes from Harold Bluetooth, a 10th-century Danish king who united the provinces of Denmark under a single crown, the same way that, theoretically, Bluetooth will unite the world of portable, wireless devices under a single standard. Why name a modern technology after an obscure Danish king? Here's a clue: two of the most important companies backing the Bluetooth standard — Ericsson and Nokia — are Scandinavian. But all is not so rosy in the Bluetooth kingdom these days. The pie-in-the-sky promises of a Bluetooth-united world have become stuck in the mud of unfounded hyperbole, diminished expectations, and security loopholes. It's the last of these concerns that has the Bluetooth community reeling, as one security breach after another has appeared and been duly exploited. For our purposes, these so-called Bluetooth cavities have generated a pleasing vocabulary of new words and phrases to name and describe them. Back in the February, 2004 edition of Technically Speaking, I told you about the practice of bluejacking: temporarily hijacking another person's cell phone by sending it an anonymous text message using the Bluetooth wireless networking system. In a world where the only sure things are death, taxes, and spam, it won't surprise you one bit that people have bluejacked nearby devices to send them unsolicited commercial messages, a practice called, inevitably, bluespamming. (A recent survey by the British public relations firm Rainier PR found that 82 percent of respondents agreed that spam sent to their mobile phones would be "unacceptable." My question is: who are the 18 percent who apparently would find it acceptable?) In that February, 2004 column, I also told you about warchalking, using chalk to place a special symbol on a sidewalk or other surface that indicates a nearby wireless network, especially one that offers Internet access. Now black-hat hackers are wandering around neighborhoods looking for vulnerable Bluetooth devices. (Randomly searching for hackable Bluetooth devices is called bluestumbling; generating an inventory of the available services on the devices — such as voice or fax capabilities — is called bluebrowsing.) When they find them, they're chalking the Bluetooth symbol (the Nordic runes for the letters H and B, for Harold Bluetooth [Editors: insert Bluetooth symbol here? -Paul]) on the sidewalk, a practice known as bluechalking. Bluetooth crackers have recently learned to exploit problems in the Object Exchange (OBEX) protocol to synchronize with a nearby Bluetooth device — a practice called pairing, which is a normal part of the Bluetooth connection process, but in this case it's done without the other person's permission — and copy the person's data: e-mail messages, calendar, and so on. This is known as bluesnarfing and the perpetrators are called bluesnarfers. (The verb to snarf means to grab or snatch something, particularly without permission. It has been in the language since about the 1960s.) A different Bluetooth security breach enables a miscreant to perform bluebugging, which means he or she can not only read data on a Bluetooth-enabled cell phone, but also eavesdrop on conversations, and even send executable commands to the phone to initiate phone calls, send text messages, connect to the Internet, and more. In the Harmless-But-Creepy Department, the unique hardware address assigned to each Bluetooth device provides the impetus behind bluetracking, which means tracking a person's whereabouts by following the signal of their Bluetooth device. (Why anyone would want to do this remains a mystery, but most if not all of these hacks are forged by people who clearly have way too much time on their hands.) Perhaps the weirdest of the recent Bluetooth hacks is the BlueSniper, a Bluetooth scanning device that looks like a sniper rifle with an antenna where the barrel should be. Point the BlueSniper in any direction and it picks up the signals of vulnerable Bluetooth devices up to a kilometer away (compared to the usual Bluetooth scanning distance of a mere 10 meters). And, of course, the BlueSniper also lets you attack those distant devices with your favorite Bluetooth hack. Not all recent Bluetooth developments have been security lapses. In 2004, the newswires and blogs were all aflutter over a new British phenomenon called toothing. Allegedly, complete strangers had been using their Bluetooth phones or PDAs to look for nearby Bluetooth-enabled devices and then sending out flirtatious text messages that supposedly led to furtive sexual encounters. Outrageous? Yes. True? Nope. The whole thing turned out to be a hoax. Will all these negative stores lead to a Bluetooth backlash? Proponents of the networking standard say no, it won't, since the way to avoid almost all Bluetooth security hacks is to set up your device so that it's not discoverable (that is, it's not available to connect with other devices). In other words, the future of the Bluetooth standard may rest on a simple, yet time-honoured, principle: "Just say no." This post appeared originally as my Technically Speaking column in the June 2005 issue of IEEE Spectrum. Posted Jan 18 2008, 04:01 PM by Paul with no comments Filed under: Neologisms, Technically speaking

• Words in the Wind

  The tech sector is a marvelous linguistic factory that ships out truckloads of new words and phrases every year. In this month's column I'll introduce you to a sampling of these new terms that have crossed my path in recent months. Many new tech terms appear alongside recently invented gadgets and ideas and are used to name or describe these inventions. For example, when Dr. Dmitry O. Gorodnichy, a computer vision scientist with the National Research Council of Canada in Ottawa, invented a system that enables a person to control a mouse pointer by moving his or her nose, he also invented an appropriately whimsical new word to name it: the nouse. Similarly, When Yahoo! Mail did a survey of e-mail users not long ago, they found that people were incredibly anxious about the whole e-mail thing. They not only fretted over crafting appropriate replies, but they were also often stressed out by inbox expectations — waiting impatiently for replies from other people. Yahoo! Mail called this anxiety PPMT — Pre and Post Mail Tension. I mentioned back in the August 2004 column that the prefix nano- was all the rage, particularly with company names. Unfortunately, many of these companies have nothing to do with nanotechnology and are only using the prefix because it's trendy, and trendy technologies often generate investor interest. The good news is that we now have a term for these non-nano firms: nano pretenders. However, even those companies that truly operate on the nano-scale are bothersome to Eric Drexler, the chairman of the Foresight Institute and popularizer of the word nanotechnology, which he used originally to describe just molecular manufacturing. So Drexler has suggested a new term for this process: zettatechnology. That may sound strange since the prefix zetta- denotes one sextillion, 1021, a huge number, but Drexler reasons that one sextillion is approximately the number of distinct atomic parts that would be in a product manufactured at the molecular level. Other tech terms seem to come in bunches, particularly when some phenomenon is getting a lot of media attention. A perfect example is the idea of offshoring, sending work to an overseas location. That term isn't new (it has been around since at least the 1970s), but it became a big story in 2004 when people realized that not only manufacturing jobs were being moved overseas, but also that tech jobs in areas such as programming and systems analysis were also offshorable (that adjective is new). As offshoring accelerated, it became more sophisticated, and so did the language. For example, some companies practiced nearshoring, moving jobs to a nearby foreign country. Firms that wanted to keep feet in both camps resorted to twoshoring, using an offshore location and a domestic one. CEOs who preferred to distribute their work eggs over several national baskets came up with multishoring, sending outsourced work to a number of overseas locations. Some of them actually took the time and resources to find the optimum mix of jobs performed locally and jobs moved to foreign countries, a practice called rightshoring. Of course, just as one country's brain drain is another's brain gain, so too do some foreign companies add or expand upon their operations here, a phenomenon called onshoring. Speaking of linguistic trendiness, have you noticed that there are a lot of "factors" running around the tech community these days? I'm talking about the sense of the word that means "an element that contributes to or influences the result of something." This sense has been in the language for a couple of hundred years, but it's only in the last few decades that it has taken up residence as part of such familiar phrases as human factor and risk factor. These days, for example, we hear people talk about the wife acceptance factor (or WAF). In an object, especially an electronic device, that normally appeals only to men, this refers to the features added to the object that  allegedly make it acceptable to women. Such devices also come under the influence of the nag factor, which is the degree to which parents' purchasing decisions are based on being nagged by their children. (This is also called kidfluence or pester power.) Certain segments of the online world have to deal with the gak factor, the tendency for online pornography sites to lose business when credit card charges are discovered by a third party (such as a parent or spouse) and then disavowed by the subscriber. (Presumably the "gak" part comes from the noise the third party makes when they make this unpleasant discovery.) Online marketers often fret about the piss-off factor, the component or quality that has the potential to annoy or anger a person viewing or using the object. As this modest collection shows, the tech sector's language factory is still operating at full capacity. At least the manufacture of new words is one job that's definitely not offshorable. This post appeared originally as my Technically Speaking column in the April 2005 issue of IEEE Spectrum. Posted Jan 10 2008, 03:33 PM by Paul with no comments Filed under: Neologisms, Technically speaking

• The iPod People

  In the last few years, we've seen the rise of gadget porn — images and text that glorify or fetishize high-end or high-tech devices and gadgets. Sure, certain segments of the population have always been gadget-driven: audiophiles, car junkies, the power-tool crazed. But there's something about technology that has taken the craving for gizmos to a new level. As Washington Post technology reporter Mark Leibovich has said, "More than most realms, technology tends to breed fetishistic dedication." It's the gadget-as-fetish angle that most clearly captures this technolust. Wired magazine, never known for its subtlety, comes right to the point: Each month it runs a column that features the latest hi-tech toys. The column's name? Fetish. Personal digital assistants have been the fetish objects of choice over the past few years, with first the Palm Pilot and more recently the BlackBerry being the must-have tools of millions of gadget freaks. (The BlackBerry engenders such obsession in its users that it has earned the nickname CrackBerry.) Fans of Apple Computer's products have always had a cult-like air about them, but their desire first reached truly fetishistic heights with the release of the iMac in the late 90s. This blobject (an object with a curvilinear, flowing design) was suddenly everywhere and spawned a whole generation of what came to be called cuddletech — technology seen or marketed as being cute, friendly, or just plain cuddly. But Apple's current fetish object isn't the latest iMac or the iBook or the G5; it is, by a long shot, the iPod digital music player. As I write this, Apple has sold a remarkable 6 million iPods since 2001, but 2 million of those were sold in the most recent quarter, and analysts were expecting nearly 3 million of them to be sold over the 2004 Christmas season. The technology industry has rarely, if ever, seen a product generate such a gotta-have-it mania. (People love the iPod so much that they're also buying other Apple products. This boost to Apple's bottom line is called the iPod halo effect.) Proof that the iPod obsession has gone from fad to phenomenon is the abundance of new words and phrases that have sprung up around this digital doodad. For example, users are often called iPodders or pod people, and the distinctive white cord that connects the earbuds to the player is why iPod users as a whole have been called the white-cord subculture. New York writer Izzy Grinspan says that iPods have "L-train sex appeal," meaning that the easily recognized design of the iPod - the earbuds and player are white, as well - allows anyone to "identify a user at 30 yards, so that it's possible to scan a subway car and instantly know who's in the club." The members of that club greet each other with the iPod nod, but they're increasingly doing a lot more than that. The latest iPod craze is podjacking, plugging your cord into the jack of another person's iPod (and vice versa, of course) to hear what that person is listening to. This is also called iPod sharing, jack sharing, or the iPod swap. Similar behaviour occurs at an iPod party (or iParty) where iPodders are allowed to plug their iPods into a club's stereo system so that everyone can dance to a song or two from that person's playlist. The iPod was also the inspiration behind the word podcasting, a new technology that aggregates audio content and sends it directly to an iPod or other digital player. The audio material is gathered by a podcaster and stored on a server. The user connects their player to the computer and then downloads the audio feed directly, a process known as podcatching. The group of people who listen to such a podcast is called — wait for it — the podience. References to iPods abound in popular culture, from commercials to comic strips to op-ed columns. iPodlounge (www.ipodlounge.com) calls these references iPodisms and maintains a long list of them on its site. The iPod has become so desired that it's causing iPod envy among those unfortunate few who have yet to purchase one. That's not to say, however, that everything is hunky-dory in the iPod world. Some people complain of playlistism: being judged by others based on what songs comprise one's iPod playlist. ("You're still listening to Outkast? That's so 2004.") Others are tired of being recognised as iPod users, so they've traded in the white cord and earbuds for other colors, thus putting themselves voluntarily in the iPod closet. Then there's the group of users who find themselves listening to music obsessively throughout the day and so suffer from iPod fatigue or, in extreme cases, outright iPod addiction. Some of these iPodaholics have admitted they have a problem and quit their players cold turkey to live a clean and sober post-iPod life. This post appeared originally as my Technically Speaking column in the February 2005 issue of IEEE Spectrum. Posted Jan 04 2008, 03:19 PM by Paul with no comments Filed under: Neologisms, Technically speaking