July 2005

Spam29 Jul 2005 09:58 pm

“SPAMIS.COM/.ORG/.CC/.INFO”, a/k/a Robert Soloway, has continued to send out spam containing the text of my monthly column for eSecurity Planet. It was not sent by me. It was not sent with my permission or authorization.

And please don’t send me complaints, copies of the spam, etc. I’m getting enough as it is, thanks!

In fact, looking at the spams that I have personally received (yes, the twit is spamming me with my own article…), he’s using a network of “spam zombies” — virus-infected and hacked PCs that are hijacked to relay spam. It’s a sign that this guy is a pretty sophisticated criminal. I’m sure his mother is very proud.

According to the SpamHaus “Registry of Known Spam Operations” here’s his latest info:

Mr. Robert Soloway
1200 Western Avenue
98101 Seattle
Tel: +1 (206) 226-9558 (206)223-1270
email: nim@cyberservices.com

Robert Alan Soloway
SPAMIS, PO Box 1259, Seattle, WA 98111, USA
Fax: (206)260-2409 or (503)213-6416

As of Nov 6, 2004, Robert Soloway’s NIM/Newport Internet Marketing is an active corporate entity in Washington State. This corporate name was registered in WA in Dec, 2003. Soloway’s “corporation” is run out of his apartment at the Harbors Apartments in Seattle.

Washington State Dept of Revenue
State Business Records Database Detail


SEATTLE, WA 98101-2964

SEATTLE, WA 98101-0000

ACCOUNT OPENED:…………12/01/2003

Have fun!

Friends & Family & News & Culture26 Jul 2005 05:17 pm

Hearty congratulations and much love goes out to my cousin (2nd cousin actually) Samuel Bennett, who just moments ago was named Florida State Teacher of the Year for 2006!

Sam (pictured to the right in his classroom) teaches Fifth Grade at Garner Elementary School in Winter Haven, Florida and was one of five finalists for the Florida Department of Education /Macy’s Teacher of the Year program. To read more about Sam and his amazing work, check out this article: “Polk Man Is Finalist For Teacher of Year.”

Cousin Sam — who began his career as a police officer (if I recall family lore correctly) and is an ordained minister — gave credit to God, his wife, and his parents, my Great Aunt Sue and Uncle Luke, according to the Orlando Sentinel:

Calling the award a “tremendous and humbling honor,” Bennett gave credit to God for instilling a love of teaching; and to his wife, Debbie, for being his best friend. He credited his mother with teaching him to look for the good in everyone and, when he finds it, to nurture it; and his father, who died in 1990, with tenacity.

Please join the rest of the Everett and Bennett clans in congratulating Sam and his family, and wishing him continued success as he uses this position as Teacher of the Year to encourage great people to take up teaching, and to encourage great teachers to become even better!

Update: Here’s the official FL Department of Education press release.

News & Culture & Spam25 Jul 2005 10:59 pm

According to Russian news agency Interfax (reported via MosNews.com), notorious Russian spammer Vardan Kushnir was found beaten to death in his Moscow apartment yesterday.

It’s not exactly the sort of penalty you wish on even the most incorrigible of spammers, but there must have been something more going on here. Even in what, by many accounts, is a lawless and out-of-control Russia, it’s difficult to believe that people would be so infuriated by spams for English-language training courses (the main business of Mr. Kushnir, apparently) that they would beat someone to death. A nickel says we’ll learn later that there was some Russian mob connection… just you watch.

Thank goodness that I live in America, where the morons who have been blaming me for spamming them this past week (which, of course, I didn’t!!!), are content to simply send whiny emails.

Miscellany & Spam20 Jul 2005 09:28 am

Spammers at “SPAMIS.COM/.ORG” have been sending out an email message containing the text of an article I wrote. It was not sent by me; it was not sent with my permission or authorization. Complaints have been filed; it’s not necessary to complain to me… I’m not happy about this either.

Update: I’m told that the spam may have originated from Robert Soloway, a spammer who recently lost a court battle to Microsoft. The folks at About.com have some more info about Robert Soloway. All I know for certain is that the spam originated at a cable-modem connection by Shaw Cable.

PS: To whoever felt the need to leave me that ranty voicemail at my office, you need to switch to decaf, man…

Miscellany19 Jul 2005 02:50 pm

I’m down with a cold for a few days… but I’ll be back in the saddle later this week. In the meantime, please try exploring some of the other blogs that I link to over on the left. There’s some good reading there!

Malware & Spam18 Jul 2005 02:41 pm

Pulling together two of my recent blog postings, my monthly article for eSecurity Planet discusses recent moves by Microsoft that raise some significant questions about their efforts to promote trustworthiness and authentication in computing.

Privacy & Sillycon Valley Biz14 Jul 2005 07:31 am

In an interesting survey of Google’s difficulty balancing privacy and search ubiquity, CNet reporter Elinor Mills has done an excellent job in chronicling the tensions. I commend the article to your reading.

I do have one criticism, however: she didn’t mention Google’s lack of a Privacy Officer as an issue contributing to Google’s litany of privacy miscues. Frequent readers of this blog know that it’s one of my pet issues, and a critical component of why I believe Google still doesn’t “get it,” and why they will continue to have trouble.

I sent Elinor some feedback, which you can read below. Perhaps the next time Google stumbles on privacy — just a matter of when, not if — people will begin to focus on the underlying reasons for why Google stays on the cutting edge of privacy scandal.

Here’s the feedback I sent:

To: elinor.mills@cnet.com
Subject: FEEDBACK:Google balances privacy, reach

I enjoyed your piece today about the mounting privacy concerns at Google. It’s something I’ve been concerned about for quite a while, and have written about extensively in my blog, http://www.privacyclue.com.

My only criticism of your piece was that I didn’t see you mention their lack of dedicated privacy personnel, such as a Privacy Officer. Most major companies have such a position, but Google doesn’t. hey considered hiring a Privacy Officer back in 2001, but concluded that they didn’t need one — they thought the “do no evil” ethos would insulate them from privacy issues. As a result they have no one looking at privacy as a strategic issue, and the consequences show every time they’re surprised by user concerns over some new practice.

As the world’s first corporate Chief Privacy Officer, and one who has helped many of the nation’s major corporations hire and train their privacy personnel, I’m still appalled by Google’s myopia on this score. Contrary to the headline of your piece (which I know you probably didn’t write), privacy and reach shouldn’t need to be balanced if both are guiding principles and working objectives. It’s only a zero-sum game if you’re not applying creativity to the search for solutions. Unfortunately, when there’s no CPO, nobody is being assigned the task of finding those solutions every single day.

You might find a couple of my recent blog entries interesting if you care to explore these issues further:

Google’s CEO: ‘We Still Don’t Get It’
(In which I discuss the difference between “do no evil” and Doing Good.)

Google Launches New Privacy Controversy
(In which I analyze gaping holes in Google’s Privacy Policy.)

Privacy Wanes when Bloggers are Muzzled
(In which I analyze Google’s blogging policy.)

Best regards,

Update: 7/15 I stand corrected, thanks to these lovely new shoes Elinor Mills sent me… Seriously though, Elinor pointed out that I missed a couple of sentences where she discusses the privacy officer issue, and even asked Google about it. So bravo for raising the question!

Elinor quoted Google’s rep, saying that the company has several attorneys on staff who deal with privacy issues among other issues. For this reason I do still stand by my criticism of Google.

These problems are precisely why most companies have separated out the privacy issues into a separate position, the Privacy Officer, and sometimes into a separate department. When I created the world’s first corporate Chief Privacy Officer position, we specifically separated the duties from those of the in-house legal team, so that the position could be truly focused on privacy matters.

In-house counsel is a very important part of the equation, but counsel is searching for the minimum necessary for legal compliance, and as a result isn’t always looking for other red flags, such as those that will create PR issues. A specialized Privacy Officer often has the kind of hybrid skill set — including marketing, technology, public relations, and public policy — that prepares them for tackling issues that are more complex than mere regulatory compliance. There’s lots of stuff that a company can do that’s legal, but still dumb. Speaking as a lawyer, I know first-hand that most good lawyers can help you avoid legal problems, but fewer lawyers can help you avoid looking bad while you do it.

Malware11 Jul 2005 12:34 pm

As Microsoft continues to make doe-eyes towards the malware impresarios at Claria, the PR flacks are practicing their Tae-Bo moves in contorting themselves to explain why MS’s anti-spyware utility no longer recommends removal of Claria’s garbage.

According to a CNet article today, MS has issued a public statement to explain why it’s given Claria’s malware the kid-gloves treatment. According to the statement:

We also decided that adjustments should be made to the classification of Claria software in order to be fair and consistent with how Windows AntiSpyware (Beta) handles similar software from other vendors.

So there you have it… you can count on Microsoft’s anti-spyware utility to recommend that you “ignore” unwanted software by any vendor whose reputation is as bad as Claria’s.

As Microsoft puts it:

Microsoft is committed to helping protect our customers from spyware and other unwanted software by providing guidance and technology solutions. We firmly believe that people should have complete control over what runs on their computers.

Except when they’re interested in buying the company whose software has seized control of your computer, apparently.

Malware & Sillycon Valley Biz11 Jul 2005 06:43 am

A fascinating new survey conducted by the fine folks at the Pew Internet and American Life Project, and released late last week, found that 91 percent of Internet users have changed their online habits to avoid spyware.

This is quite a triumph for malware makers… You can’t get 91 percent of average people to come in out of the rain, so pissing off 91 percent of the public so much that they seek to avoid you is a real accomplishment!

There were a lot of other noteworthy findings. For example, 81 percent of users avoid opening e-mail attachments without knowing for sure that they are safe; 48 percent stopped visiting Web sites they considered to be potential sources of spyware; 25 percent don’t use music-swapping networks anymore; and 18 percent have switched Internet browsers.

The Pew report also showed that about 68% of users (approximately 93 million) have had computer trouble in the past year consistent with problems caused by spyware and viruses, although 60% of those who had problems were not sure where the problem originated. Some 25% of Internet users have seen new programs on their computers that they did not install or new icons on their desktop that seemed to come out of nowhere. One in five Internet users (18%) reported that their homepage had been inexplicably changed.

While covering on the Pew survey, the St. Petersburg Times interviewed Claria’s Chief Privacy Officer Reed Freeman, asking him about the all-too-frequently obscure privacy disclosures that are the stock-in-trade of malware companies. To his great credit, my old friend Reed recognized that it’s up to the malware companies to be more transparent in their practices:

“Consumers shouldn’t have to go hunt for disclosure of that nature,” said Reed Freeman, chief privacy officer of Claria. “Adware companies that are interested in broad consumer acceptance ought to be putting their disclosures in the download process as they are getting the product so they can make an informed decision about what they’re getting.”

I couldn’t help but chuckle at this quote, given that the subject of Claria’s crappy disclosures was a substantial bone of contention during my deposition in the dozen consolidated lawsuits against Claria. I’m so gratified to see that they’ve taken my criticisms to heart! :-D

Malware & Sillycon Valley Biz07 Jul 2005 12:37 pm

Anyone who owns cats knows the joy of waking up in the morning, stumbling towards the kitchen, and stepping barefooted in a cold, squishy pile of cat barf. As I read one of this morning’s news items in Good Morning Silicon Valley, I shuddered in exactly the same way that I do when feeling half-digested kibble ooze between my toes.

The GMSV posting in question discussed the fact that, on the heels of rumors that Microsoft is interested in buying malware company Claria, this week’s update of Microsoft’s anti-spyware utility downgrades the risk posed by Claria’s malware.

According to a posting by Eric Howes on Broadband Reports:

Several sources have now confirmed that Microsoft downgraded its detections of Claria’s adware products in the latest update (#5731) to Microsoft AntiSpyware released today. Where Microsoft AntiSpyware used to detect Claria’s products and present users with a “Recommended Action” of “Quarantine,” following today’s update Microsoft AntiSpyware now presents users with a “Recommended Action” of “Ignore” (see attached screenshot). Users can still change the action to “Quarantine” or “Remove.”

Click for larger image.

(Screenshot credit: Eric Howes @ Spywarewarrior)

This isn’t the first time an anti-spyware utility has downgraded the threat posed by Claria’s crap. But are the downgrades a sign that Claria is improving its practices? Hardly.

As I’ve noted before, Claria has managed to bully, threaten, or cajole, several anti-virus and anti-spyware companies into changing its default settings for dealing with a Claria-ware infestation.

My recommendation? Do as GMSV’s headline suggests: “Antispyware untrustworthy? Recommended Action: Ignore.” Always read your anti-spyware reports carefully and override any softpedaling it offers for known threats.