Posts tagged ‘hacking’


A look back at 2015: a year that was harder to laugh at

20.12.2015

I’ve done this a few times now: looked through my year’s Tumblr posts to get an alternative feel for the Zeitgeist. Tumblr is where I put the less relevant junk that comes by my digital meanderings. But as I scrolled down to January 2015 in the archive, I’m not that certain the posts really reflected the world as we knew it. Nor was there much to laugh at, which was the original reason I started doing these at the close of 2009.
   January, of course, was the month of the Charlie Hebdo massacre, which saw 11 murdered, including the famed cartoonist Wolinski, whose work I enjoyed over the years. Facebook was still going through a massive bot (first-world) problem, being overrun by fake accounts that had to be reported constantly. The anti-vax movement was large enough to prompt a cartoonist to do an idiot’s guide to how vaccines work. In other words, it was a pretty depressing way to end the lunar year and start the solar one.
   February: Hannah Davis made it on to the cover of the Sports Illustrated Swimsuit Edition by pulling her knickers down as far as socially acceptable (or unacceptable, depending on your point of view), while 50 Shades of Grey hit the cinemas, with one person commenting, ‘Seriously, this book raises every red flag warning signal I learned during my Military Police training. Grey is a ****ing psycho.’ Mission: Impossible’s second man with the rubber mask, Leonard Nimoy, he of the TV movie Baffled, passed away. Apparently he did some science fiction series, too.
   Citroën celebrated the 60th anniversary of the DS, generally regarded as one of the greatest car designs of the 20th century, while Alarm für Cobra 11 returned for another half-season in March. In April, one Tweeter refused to do any Bruce Jenner jokes: ‘there are kids & adults confused/bullied/dying over their gender identity,’ said an American photographer called Spike. The devastating Nepalese earthquakes were also in April, again nothing to be joked about. There was this moment of levity:

And the Fairfax Press published a photograph of President Xi of China, although the caption reads ‘South Korea’s President Park Geun Hye’. Wrong country, wrong gender. When reposted on Weibo, this was my most viral post of the year.

   In May, we published a first-hand account of the Nepal ’quakes in Lucire, by Kayla Newhouse. It was a month for motorheads with For the Love of Cars back on Channel 4. Facebook hackers, meanwhile, started targeting Japanese, and later Korean, accounts, taking them over and turning them into bots.
   In June, rumours swirled over the death of Channel 4 newsreader Jon Snow, whereupon I made this image:

   In July, rape complaints against actor Bill Cosby reached fever pitch as woman after woman came out with credible and very similar stories. Staying Stateside, one writer said of the GOP primaries: ‘It will go down someday as the greatest reality show ever conceived. The concept is ingenious. Take a combustible mix of the most depraved and filterless half-wits, scam artists and asylum Napoleons America has to offer, give them all piles of money and tell them to run for president. Add Donald Trump.’ A Sydney man, who allegedly insulted then-Prime Minister Tony Abbott, inspired the internet public to raise funds for him to beat the fine.
   In September, Doctor Who returned to telly for its 35th season, while Facebook continued to be overwhelmed by bots, mostly based around hacked Korean accounts. A young Briton, Connie Talbot, released a cover version of Sam Smith’s ‘Writing’s on the Wall’, the theme from the James Bond film Spectre, which I regarded as superior to the original.
   In October, US Senator Bernie Sanders answered the question, ‘Do black lives matter, or do all lives matter?’ He responded, ‘Black lives matter. And the reason those words matter is the African-American community knows that on any given day, some innocent person like Sandra Bland can get into a car, and then three days later she’s going to end up dead in jail. Or their kids are going to get shot. We need to combat institutional racism from top to bottom, and we need major, major reforms in a broken criminal justice system in which we have more people in jail than China.’
   As we neared the year’s end, I wrote a blog post, uncharacteristically published both on my Tumblr and here, on how a pharmaceutical company would release a Daraprim competitor for US$1 a pill, after the company behind Daraprim raised its price from US$13·50 to US$750. That was before Martin Shkreli, CEO of Turing Pharmaceuticals, was arrested in an investigation that began in 2014. I did one post noting what my Dad had begun forgetting because of his newly diagnosed Alzheimer’s disease, with the intent of following up, out of solidarity with another other caregivers of Alzheimer’s sufferers. November, too, saw Paris’s second major terrorist attack, and Astérix illustrator Albert Uderzo contributed this touching image:

Microsoft rolled out the bug-filled Windows 10, which worked differently every day.
   In December, it wasn’t quite ‘Star Wars, nothing but Star Wars’. There was, after all, Trump, Trump and more Trump, the only potential presidential candidate getting air time outside the US. Observing the primaries, 9Gag noted that the movie Idiocracy ‘started out as a comedy and is turning into a documentary’. Michael Welton wrote, meanwhile, in Counterpunch, ‘The only way we might fathom the post 9/11 American world of governmental deceit and a raw market approach to political problem solving is to assume that moral principle has been banished because the only criteria for action is whether the ends of success and profitability have been achieved. That’s all. That’s it. And since morality is the foundation of legal systems, adhering to law is abandoned as well.’ The New Zealand flag referendum didn’t make it into my Tumblr; but if it had, I wonder if we would be arguing whether the first-placed alternative by Kyle Lockwood is black and blue, or gold and white—a reference to another argument that had internauts wasting bandwidth back in February.
   It’s not an inaccurate snapshot of 2015, but it’s also a pretty depressing one. France tasted terror attacks much like other cities, but the west noticed for a change; there were serious natural disasters; and bonkers politicians got more air time than credible ones. Those moments of levity—my humorous Jon Snow image and feigned ignorance, for instance—were few and far between. It was that much harder to laugh at the year, which stresses just how much we need to do now and in 2016 to get things on a more sensible path. Can we educate and communicate sufficiently to do it, through every channel we have? Or are social media so fragmented now that you’ll only really talk into an echo chamber? And if so, how do we unite behind a set of common values and get around this?

Tags: , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,
Posted in cars, China, culture, humour, internet, media, politics, TV, UK, USA | No Comments »


A warning to those with rivers.pro tagcloud code in their Tumblr themes

31.01.2014

Does anyone have the rivers.pro tagcloud code in their Tumblr theme? If so, it’s time to remove it. The code forwards to a website which McAfee SiteAdvisor labels dodgy. It is very hard to remove from a customized theme, since every time the page loads, the forwarding takes place. You’ll have to find a way to stop the loading, then edit your templates.
   The code looks something like this:

<script type="text/javascript" src="http://tumblrtags.rivers.pro/jquery.js"></script><script type="text/javascript" src="http://tumblrtags.rivers.pro/widget.js?css=default&minsize=80&maxsize=180&order=alphabetical"></script>

   I’ve advised Tumblr of this. Maybe they have some way to help Tumblr users.
   Incidentally, you may be asking, ‘Why is he warning people on his regular blog and not on Tumblr?’ The answer is simple: I am not allowed to.
   Every time I tried posting this message, this is what I got:

Tumblr warning on tagcloud code

Maybe Tumblr has already blocked the code?
   Regardless, if you have friends who use Tumblr, please get them to check.

Tags: , , , ,
Posted in design, internet, technology, USA | 2 Comments »


Someone has it worse: a site, clean since April 7, that Google still blocks

26.04.2013

One last post on this topic for now, since this entry is pertinent for a complete picture of what is happening with the Google malware bot.
   Let’s just say for argument’s sake that I’m wrong, and the combined minds of the Google hive are right. An entire company of boffins must be smarter than a guy who doesn’t use automated teller machines, right? So, according to Google, our ad server linked to a location at bjskosherbaskets.com, which distributed malware on April 6. The difference is: we know our server’s been clean since April 6, and Google refuses to see this. Let’s buy into this fantasy and that we still link to this very dangerous, malware-distributing website via our ad server.
   So what about this website at bjskosherbaskets.com itself? What does Google say about them?
   You can try Googling for this site yourself, and you might see this:

It exists, but McAfee SiteAdvisor (in my case) gives it a red X.
   If you click through, you’ll get this advisory from Google:

Oh dear, you mean it’s still infected? Tell me more, Google.

   Um, nothing.
   That’s right. Nothing is wrong with this website. It’s been clean since April 7. Yet Google still blocks this now-clean site and anyone who used to link to it. Even though we cleared the hack and don’t link to it any more, Google still insists that we do, and that we’re guilty for doing so. Even if we were still linking to it, and there’s nothing there that’s malicious, then too bad. I feel for the webmaster of this site, because they’ve done all they can—yet Google blocks them as well, 19 days after its own bot said it last picked up any issues.
   The notion that Google takes five to seven hours to reclassify a site is clean is bollocks. This is running on nearly three weeks and Google is penalizing an innocent website. Even we don’t dare link all our sites back to our ad server, which actually harms the small businesses we feed through it. (Not to mention my own campaign ads! Though some of you might say that’s a good thing.)
   I know we can turn off these advisories, but I doubt many will. I haven’t, because of FUD: what if I come across a site that really is infected?
   The house of G continues to have the ’net by the short and curlies. And the sites that really are malware—Google’s Iphone hack via Doubleclick, for example—are clean according to the company, of course.
   Since Google has spent 2013 targeting other ad networks (Netseer in one case, Isocket in another, and our ad server in the most recent case), could this be its online ad division trying to get a bigger slice of the pie? Accuse the competition of spreading malware, but always deem your own to be clean—even when it isn’t. Then it can try to dominate.
   We already know it spied on users who opted out of advertising preferences, until it was busted by yours truly, and there was the spying on Iphone users last year that I mentioned above. It’s hard to put all this down to Google being a nice servant of the internet, when it took effort to program these spying mechanisms in. Having been busted on both, it’s desperate to continue growing its online advertising’s invasiveness. By accusing everyone else of malware—Isocket, for instance, is still puzzled by what caused it to be blacklisted along with “guilt by association” publishers who used its network—then online publishers might think Google’s the only game in town.
   It isn’t, and I hope it never will be.

Tags: , , , , , , ,
Posted in business, internet, marketing, publishing, technology, USA | 2 Comments »


Putting back allegedly “malicious” code: has Google caught up with reality?

25.04.2013

Not a political post, sorry. This one follows up from the Google boycott earlier this month and is further proof of how the house of G gets it very, very wrong when it comes to malware warnings.
   As those who followed this case know, our ad server was hacked on April 6 but both my web development expert, Nigel Dunn, and I fixed everything within hours. However, Google continued to block any website linking to that server, including this blog—which, as it turned out, delayed my mayoral campaign announcement sufficiently for things to go out on the same day as the marriage equality bill’s final reading and Baroness Thatcher’s funeral—and any of our websites carrying advertising. Lucire was blacklisted by Google for six days despite being clean, and some of our smaller websites were even blocked for weeks for people using Chrome and Firefox.
   We insisted nothing was wrong, and services such as Stop Badware gave our sites the all-clear. Even a senior Google forum volunteer, who has experience in the malware side of things, couldn’t understand why the block had continued. There’s just no way of reaching Google people though, unless you have some inside knowledge.
   We haven’t done any more work on the ad server. We couldn’t. We know it’s clean. But we eventually relented and removed links to it, on the advice of malware expert Dr Anirban Banerjee, because he believed that Google does get it wrong. His advice: remove it, then put it back after a few days.
   The problem is, Google gets it wrong at the expense of small businesses who can’t give it sufficient bad publicity to shatter its illusory ‘Don’t be evil’ claim. It’s like the Blogger blog deletions all over again: unless you’re big enough to fight, Google won’t care.
   Last night, we decided to put back the old code—the one that Google claimed was dodgy—on to the Lucire Men website. It’s not a major website, just one that we set up more or less as an experiment. Since this code is apparently so malicious, according to Google, then it would be logical to expect that by this morning, there would be warnings all over it. Your browser would exclaim, ‘You can’t go to that site—you will be infected!’
   Guess what? Nothing of the sort has happened.
   It’s clean, just as we’ve been saying since April 6.
   And to all those “experts” who claim Google never gets it wrong, that the false positives that we netizens claim are all down to our own ignorance with computing, well, then, there’s proof that Google is fallible. Very fallible. And very harmful when it comes to small businesses who can lose a lot of revenue from false accusations. Even we had advertising contracts cancelled during that period because people prefer believing Google. One ad network pulled every single ad they had with Lucire’s online edition.
   People are exposed to its logo every day when they do a web search. And those web searches, they feel, are accurate and useful to them, reinforcing the warm fuzzies.
   Can we really expect a company that produces spyware (and ignores red-flagging its own, naturally) to be honest about reporting the existence of malware on other people’s websites? Especially when the code the hackers used on April 6 has Google’s name and links all over it?
   It can be dangerous, as this experience has illustrated, to put so much faith in the house of G. We’ll be steadily reintroducing our ad server code on to our websites. While we’re confident we’re clean, we have to wear kid gloves dealing with Google’s unpredictable manner.

Tags: , , , , , , , , ,
Posted in business, internet, media, New Zealand, publishing, technology, USA | No Comments »


Webmaster sees Google blacklist his site for two months

13.04.2013

No matter how bad you think you’ve got it, some poor bugger has it worse. One webmaster, Steven Don, has had Google claim that he has anywhere between nine and fourteen trojans on his website, but he has none. The Google Safe Browsing page claims nine trojans presently, but can’t say which domains he has supposedly infected.
   If you read through the page, like our own Nigel Dunn, he’s no amateur at this stuff.
   He has rebuilt the sites from scratch, and compared the files he has with the ones on the server, and there are no differences. Yet Google refuses to acknowledge that his site is clean after two months.
   The only things he cannot vouch for himself are the Google Analytics and Google Adsense codes, and the Google Plus One button. And that makes me wonder about Google Adsense once again.

Tags: , , , , , , , , ,
Posted in business, internet, technology, USA | 2 Comments »


How brands fool us

13.04.2013

The Google experience over the last week—and I can say ‘week’ because there were still a few browsers showing blocks yesterday—reminds me of how brands can be resilient.
   First, I know it’s hard for most people to believe that Google is so incompetent—or even downright corrupt, when it came to its bypassing Safari users’ preferences and using Doubleclick to do it (but we already know how Doubleclick bypassed every browser a couple of years ago). People rely on Google, Google Docs, Google Image Search, or any of its other products. But there’s something to be said for a well communicated slogan, ‘Don’t be evil.’ Those who work in computing, or those who have experienced the negative side of the company, know otherwise. But, to most people, guys like me documenting the bad side are shit-stirrers—until they begin experiencing the same.
   Maybe it doesn’t matter. Maybe it’s OK for a small publication to get blacklisted, or people tracked on the internet despite their requests not to be. But I don’t think we can let these companies off quite so easily, because there is something rotten in a lot of its conduct.
   By the same token, maybe it doesn’t matter that we can’t easily buy a regularly priced orange juice from a New Zealand-owned company in our own supermarkets. Most, if not all, of that sector is owned by the Japanese or the Americans. We haven’t encouraged domestic enterprises to be global players, excepting the obvious ones such as Fonterra.
   However, most people don’t notice it, because brands have shielded it. The ones we buy most started in this country, by the Apple and Pear Marketing Board.
   And like the National Bank, which hasn’t been New Zealand-owned for decades, people are happy to believe they are local. It was only when the National Bank changed its name to ANZ, the parent company, that some consumers balked and left—even though it was owned and run by ANZ for the good part of the past decade.
   Or we like to think that Holden is Australian when a good part of the range is designed and built in Korea by what used to be Daewoo—and brand that died out here in 2003. Holden hasn’t been Australian since the 1930s, when it became part of GM—an American company. However, for years it had the slogan, ‘Australia’s own car,’ but even the 48-215, the ur-Holden, was American-financed and developed along Oldsmobile lines.
   Similarly, Lemon & Paeroa has been, for a generation, American.
   Maybe it’s my own biases here, but I like seeing a strong New Zealand, with strong, Kiwi-owned firms having the nous and the strength to take on the big players at a global level.
   We can out-think the competition, so while we might not have the finances, we often have the know-how, that can grow if we are given the right opportunities and the right exposure. And, as we’ve seen, the right brands that can enter other markets and be aspirational, whether they play on their country of origin or not.
   Stripping away one of the layers when it comes to ownership might get us thinking about which are the locally owned firms—and which ones we want to support if we, too, agree that our own lot are better and should be stronger.
   And when it came to Google, it’s important to know that it has it in for the little guy. It’s less responsive, and it will fence with you until you can bring a bigger party to the table who might risk damaging its informal, well maintained and largely illusionary corporate motto.
   We only had Blogger doing the right thing when we piggy-backed off John Hempton having his blog unjustifiably deleted by Google, and the bad press it got via Reuter’s Felix Salmon on that occasion.
   We only had Google’s Ads Preferences Manager doing the right thing when we had the Network Advertising Initiative involved.
   Google only stopped tracking Iphone users using a hack via Doubleclick (I would classify it malware, thank you) on Safari when the Murdoch Press busted it.
   That’s the hat-trick right there. Something about the culture needs to change. It’s obviously not transparent.
   I don’t know what had Google lift the boycott after six days but we know it cleans itself up considerably more quickly when it has accidentally blacklisted The New York Times or its own YouTube. One thought I had is that the notion that Google re-evaluates your site in five hours is false. Even on the last analysis it did after I resubmitted Lucire took at least 16 hours, and that the whole matter took six days.
   But it should be a matter of concern for small businesses, especially in a country with a lot of SMEs, because Google will ride rough-shod over them based on its own faulty analyses. Reality shows that it happens, and when it does happen, you haven’t much recourse—unless you can find a lever to give it really bad publicity.
   We weren’t far off from issuing a press statement, and the one-week mark was the trigger. Others might not be so patient.
   If we had done that, I wonder if it would help people see more of the reality.
   Or should we support other search engines such as Duck Duck Go instead, and help the little guy out-think the big guys? Should there be a Kiwi search engine that actually doesn’t do evil?
   Or do we need to grow or work with some bigger firms here to prevent us being bullied by Google’s, and others’, incompetence?

Tags: , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,
Posted in branding, business, culture, internet, marketing, media, New Zealand, publishing, USA | 5 Comments »


Google: nothing was wrong since April 6, so the planet just imagined those last six days

11.04.2013

Here’s Google’s Webmaster Tools this morning.
   Apparently, now it says there has been nothing wrong at the Lucire website since April 6. Which is what we’ve been saying for six days.
   Gee, we all must have imagined those attack warnings for the last six days. Google’s record now shows they never happened. As it’s Google, it must be right.

   I suspect Google has its units wrong again. I remember Blogger’s two-day review turned out taking six months, so two days there meant two quarters. I understand that Google’s malware bot supposedly does a review in five hours, but maybe they confused that with five days.

Tags: , , , , ,
Posted in internet, technology, USA | No Comments »


Day six of the Google boycott: if The New York Times isn’t safe from blacklisting, then how can we be?

11.04.2013

It’s day six on the Google blacklist for Lucire. And no, we still don’t know what they are talking about. StopBadware doesn’t know what they are talking about. Our web guys and all our team in different parts of the world don’t know what they are talking about.
   Today, I decided to venture to the Google forums. Google forums are generally not a good place to go to, based on my experience with Blogger, but I came across a really helpful guy called Joe (a.k.a. Redleg x3), a level 12 participant, who has gone some way to redeeming them.
   I told Joe the same story. He begins writing, ‘First I think you really need an explanation from Google, I can see why your site was flagged originally but do not understand why Google did not clear it today.’
   Exactly. But what was fascinating was that when he checked through a private version of aw-snap.info, which helps you see what malware spiders see, he found the old Google Adsense code the hackers injected.
   This very code has been absent from our servers since Saturday, otherwise we would never have received the all-clear from StopBadware.org. We also don’t use a caching service any more (we used to use Cloudflare). But, if Google saw what Joe did, then it means Google’s own bot can’t load fresh files. It loads cached ones, which means it keeps red-flagging stuff that isn’t there.
   If you read between the lines of what Joe wrote, then it’s clear that Google relies on out-of-date data for its malware bot. He checked the infected site and the file that caused all the problems has gone. And we know the hacks are gone from our system. It’s totally in line with what we were told by Anirban Banerjee of Stopthehacker.com on the errors that Google makes, too. I can only conclude that it’s acceptable for Google to publish libel about your site while relying on outdated information—information that it gathered for a few hours six days ago, which has no relevance today.
   We still don’t know if things are sorted yet. We know this has been a devilishly frustrating experience, and damaging to our reputation and our finances. Yet we also know Google will just shrug its shoulders and do a Bart Simpson: ‘I didn’t do it.’ It’ll get blamed on the computer, which is terribly convenient. It’ll also blame covering up my Google Plus status criticizing them on the computer.
   It looks like we are not alone. I’ve been reading of The New York Times and The Guardian getting red-flagged. Google even decided to blacklist YouTube at one point this year (given where I think the hackers’ code comes from, I am not surprised a Google property is malicious). The difference is that the big guys are more noticeable, so Google whitelists them more quickly. Our situation actually mirrored what happened at ZDNet, except they got cleared within hours (even though we fixed our problem within hours). The little guy, the honest business person, the legitimate blogger, the independent online store-owner—we’re in for a much harsher ride.
   With Google supplying its corrupted data to other security programs like Eset as well as browsers such as Chrome and Firefox, then putting all your eggs in one basket is terribly dangerous, as we have seen. More so if that organization has no real oversight and your complaints are silenced. And as we have seen, Google will go to great lengths to preserve its advantages in the online advertising market.

Tags: , , , , , , , , , , , ,
Posted in business, internet, media, publishing, technology, USA | 3 Comments »


Chrome continues to block sites although Stop Badware clears them

09.04.2013

I’m pleased to note that the Stop Badware people have manually analysed jackyan.com, lucire.com and autocade.net, and cleared all sites at 8.01, 8.01 and 10.01 a.m. GMT respectively.
   Google, however, is still showing this to Chrome users as at 9.10 a.m. if they visit the Lucire website:

   I am not surprised.
   This has come at a cost, with our clients enquiring and one sending this:

All because Google can’t get its systems right, and is happy to ruin the reputations of online publications, despite being notified countless times over the last four days that it has messed up.
   Incidentally, I put up a status about this at Lucire’s Google Plus page yesterday. Interestingly, Google Plus would not share it with anyone who followed us. It makes it harder to believe that the errors are completely down to automated systems.

Tags: , , , , ,
Posted in internet, publishing, technology, USA | No Comments »


Google can’t find any more problematic pages, yet continues blacklisting

08.04.2013

Google continues to throw up big red flags to anyone visiting Lucire’s website today, although its own Webmaster Tools page reveals that it has not found any problems since Saturday:

   Given that we had sewn up the server on Saturday, and deleted every instance of the hack, then Webmaster Tools’ inability to find dodgy pages is no surprise.
   However, Google’s continued insistence that something is wrong is damaging to our reputation, and it’s now affecting the sites of some of the team who linked to us. Those using its Chrome browser are getting the biggest warnings of all, if our feedback is accurate.
   It’s not the first time we’ve had to battle Google over things like this: as those of you who remember the battle with Blogger know, Google people can be very stubborn. That last time, we gave a link proving the Google support guy was wrong and his solution was just to refuse to look at it.
   But even this time, the code that Google identifies as being problematic is not: it’s straight OpenX code, which they have had no trouble with in the past. I’ve gone and replaced some of it with regenerated OpenX code that differs only with the random number being generated, which in theory should make no difference. You never know, and it’s better than sitting around and doing nothing.
   And since Google has cleared the ad server where the hack took place, it’s crazy that it continues to block sites that simply have links to a clean server.
   With Autocade, it now just says we have problems but refuses to identify just what they are.
   The greatest irony is that our ad code often links to a Google Doubleclick ad, although, as revealed yesterday, Google’s not too fussed if third-party advertisers using Doubleclick host malware. They make money, the third party makes money, and the only people who lose are the honest folks like us.
   It’ll be Monday 9 a.m. on the US west coast soon, so let’s hope things get back to normal.

Tags: , , , , , , , , , ,
Posted in business, internet, marketing, publishing, USA | 2 Comments »