Earlier this week I appeared on BBC Radio 4's "You And Yours" to talk about the scourge of SMS Spam. You can listen to it on their website - or, if it has expired, I've grabbed an audio clip for your listening pleasure. I've asked the Direct Marketing Association to create a "Do Not Text" list - so that people can opt-out of spam SMS. They already operate the Mail Preference Service and the Telephone Preference Service for opting out of junk mail and ca…
This is a cautionary tale of how my personal details have been repeatedly sold and resold by a British network of spammers - each of them turning a blind eye to the provenance of their data. I'm calling on the Direct Marketing Association to create a universal opt-out file - just like they do with junk mail and nuisance calls - to prevent people receiving spam via SMS. Like lots of people, I awoke on Sunday morning to a spam SMS seemingly sent on behalf of the gambling firm Paddy Power …
Recently I've been plagued with Tweets saying that I'm "trending in London." As flattering as that is, it's not true. There appears to be a network of Twitter bots which are randomly repeating other people's tweets, ripping off avatars and bios, and generally causing a nuisance. Looking at the users' Twitter names, I don't think it's unreasonable to think that "ekip_uhokoqeq" and "utadaqusoxeh" are randomly generated sequences of characters. And, without wishing to judge, that photo…
Running a website is hard. Let me clarify - setting up a website is dead simple - keeping it running and updated is tricky. Now, for some of us, it doesn't really matter whether our sites live or die. But for big companies like McAfee it's not simple to switch off a site - especially when they've promised to keep it running in perpetuity. For some reason, the world's largest computer security company decided that what the world really needed was a brand new Link Shortener. Yup, to add to…
I got into an argument with a friend a few weeks ago. I was complaining that I really didn't like the spam that Facebook shoves into my newsfeed. His argument was - and I paraphrase... I don't mind the occasional advert - between the Farmville notifications and "inspirational" quotes, I barely notice them. For me, this was quite the shocker. I don't see game invitations. I rarely see "spiritual" messages, or ill-informed racist rants. Why? Not because my friends are better than his -…
Hanlon's Razor states, "Never attribute to malice that which is adequately explained by stupidity." It would be nice to think that all mistakes and errors we encounter are just the result of bone-headedness. Sadly, that's not the case. Quite often malicious people deliberately try to trick you into taking actions you would normally have ignored. In usability, we call this a "Dark Pattern". A Dark Pattern is a type of user interface that appears to have been carefully crafted to trick users …
This is part 5 of a series of blog posts looking at the security of the UK Government's web infrastructure. The primary cause of the vulnerabilities I've exposed over this series is abandonment. In a flurry of excitement a website is commissioned and created. Then, as time wears on, people begin to drift away from the project. Job titles change, people are reshuffled, and senior management's gaze focuses elsewhere. Who is now responsible for updating and maintaining the software? No…
This is part 4 of a series of blog posts looking at the security of the UK Government's web infrastructure. Over the last few days, I've shown that hundreds of websites run by branches of the UK state are in a perilous state of disrepair. There are multiple sites with hugely embarrassing XSS flaws, running ancient and unsecured software, languishing unmaintained and long since abandoned. What are the consequences of failing to invest in security and maintenance? The websites become a haven …
I've started seeing an uptick in Twitter spam - ostensibly from my friends telling me I can make money online. The common denominator is that they all use Pinterest as a vector for spreading the spam. Looking at the accounts of people who have recently tweeted these or similar messages, shows that the majority are real people - not automated spam-bots. So how is this happening? Checking the Tweet's metadata, the tweets all appear to come from the Pinterest service. This indicates two…
Updated - see end of post! I am not a happy bunny. Last year, while trying to buy a house, Symantec's MessageLabs decided to block my Estate Agent and my bank from receiving any emails from my personal domain. In the middle of a rather stressful house purchase, I had to swap my email addresses and convince the parties involved to all use the new one. This year, they're blocking me from contacting media organisations, potential clients, and the Houses of Parliament. What on Earth is…
Earlier this year, I received an offer from a sleazy marketing company to place adverts on this blog - on the express understanding that they were not identified as sponsored posts. I reported the company - Media Discovery - to the ASA (Advertising Standards Authority) who, after a perfunctory investigation, decided not to prosecute. They bought the unlikely story that Media Discovery had a rogue employee trying to entice bloggers into breaking the law. Well, the constant stream of visitors…
I don't like spam. I'm very careful always to tick the "do not pass my details on to 3rd parties" box on forms. So, when I do get SMS spam, I like to know who has been flouting the rules. See my previous investigation. A few weeks ago, I received this rather annoying message: I'm not a gambler - and I've never had a business relationship with Coral. So why are they sending me this tripe? I took to Twitter to find out. Terence Eden is on Mastodon (@edent): Hey, @Coral - SMS spam is not cool. …