It's simple. Rule No. 1: Don't pass the mails on to everyone in your address book... Why? I hear you say. Read on...
What Are Internet Hoaxes and Chain Letters?
Internet hoaxes and chain letters are e-mail messages written with one
purpose: to be sent to everyone you know. The messages they contain are
usually untrue. A few of the sympathy messages do describe a real
situation but that situation was resolved years ago so the message is
not valid and has not been valid for many years. Hoax messages try to
get you to pass them on to everyone you know using several different
methods of social engineering. Most of the hoax messages play on your
need to help other people. Who wouldn't want to warn their friends
about some terrible virus that is destroying people's systems? Or, how
could you not want to help this poor little girl who is about to die
from cancer? It is hard to say no to these messages when you first see
them, though after a few thousand have passed through your mailbox you
(hopefully) delete them without even looking.
Chain letters are lumped in with the hoax messages because they have
the same purpose as the hoax messages but use a slightly different
method of coercing you into passing them on to everyone you know.
Chain letters, like their printed ancestors, generally offer luck or
money if you send them on. They play on your fear of bad luck and the
realization that it is almost trivial for you to send them on. The
chain letters that deal in money play on people's greed and are illegal
no matter what they say in the letter.
The Risk and Cost of Hoaxes
The cost and risk associated with hoaxes may not seem to be that high,
and it isn't when you consider the cost of handling one hoax on one
machine. However, if you consider everyone who receives a hoax, that
small cost gets multiplied into some pretty significant costs. For
example, if everyone on the Internet were to receive one hoax message
and spend one minute reading and discarding it, the cost would be
something like:
50,000,000 people * 1/60 hour * £50/hour = £41.7 million
Most people have seen far more than one hoax message and many people
cost a business far more than £50 per hour when you add in benefits and
overhead. The result is not a small number.
Probably the biggest risk of hoax messages is their ability to
multiply. Most people send hoax messages on to everyone in their
address books, but consider what happens if each person sends them on
to only 10 people. The first person (the first generation) sends it to
10; each member of that group of 10 (the second generation) sends it to
10 others, producing 100 messages, and so on.
Continuing this way, by the sixth generation there are a million e-mail
messages being processed by our mail servers. The capacity to handle
these messages must be paid for by the users or, if it is not paid for,
the mail servers slow down to a crawl or crash. Note that this example
only forwards the message to 10 people at each generation, while people
who forward real hoax messages often send them to many times that
number.
Recently, we have been hearing of spammers (bulk mailers of unsolicited
mail) harvesting e-mail addresses from hoaxes and chain letters. After
a few generations, many of these letters contain hundreds of good
addresses, which is just what the spammers want. We have also heard
rumors that spammers are deliberately starting hoaxes and chain letters
to gather e-mail addresses (of course, that could be a hoax). So now,
all those nice people who were so worried about the poor little girl
dying of cancer find themselves not only laughed at for passing on a
hoax but also the recipients of tons of spam mail.
How to Recognize a Hoax
Probably the first thing you should notice about a warning is the
request to "send this to everyone you know" or some variant of that
statement. This should raise a red flag that the warning is probably a
hoax. No real warning message from a credible source will tell you to
send this to everyone you know.
Next, look at what makes a successful hoax. Two factors are known to make a hoax successful:
(1) technical-sounding language;
(2) credibility by association.
If the warning uses the proper technical jargon, most individuals,
including technologically savvy individuals, tend to believe the
warning is real. For example, the Good Times hoax says that "...if the
program is not stopped, the computer's processor will be placed in an
nth-complexity infinite binary loop which can severely damage the
processor...". The first time you read this, it sounds like it might be
something real. With a little research, you find that there is no such
thing as an nth-complexity infinite binary loop and that processors are
designed to run loops for weeks at a time without damage.
When we say credibility by association we are referring to who sent the
warning. If the janitor at a large technological organization sends a
warning to someone outside of that organization, people on the outside
tend to believe the warning because the company should know about those
things. Even though the person sending the warning may not have a clue
what he is talking about, the prestige of the company backs the
warning, making it appear real. If a manager at the company sends the
warning, the message is doubly backed by the company's and the
manager's reputations.
Both of these items make it very difficult to claim a warning is a hoax,
so you must do your homework to see if the claims are real and if the
person sending out the warning is a real person who would know what
they are talking about. You do need to be a little careful when
verifying the person, as the apparent author may be a real person who
has nothing to do with the hoax. If thousands of people start sending
them mail asking if the message is real, that essentially constitutes
an unintentional denial-of-service attack on that person.
Check the person's web site or the person's company web site to see if
the hoax has been responded to there. Check these pages or the pages of
other hoax sites to see if we have already declared the warning a hoax.
Hoax messages also follow the same pattern as a chain letter (see below).
Recognizing a Chain Letter
Chain letters and most hoax messages all have a similar pattern. From
the older printed letters to the newer electronic kind, they all have
three recognizable parts:
A hook.
A threat.
A request.
The Hook
First, there is a hook, to catch your interest and get you to read the
rest of the letter. Hooks used to be "Make Money Fast" or "Get Rich" or
similar statements related to making money for little or no work.
Electronic chain letters also use the "free money" type of hooks, but
have added hooks like "Danger!" and "Virus Alert" or "A Little Girl Is
Dying". These tie into our fear for the survival of our computers or
into our sympathy for some poor unfortunate person.
The Threat
When you are hooked, you read on to the threat. Most threats used to
warn you about the terrible things that will happen if you do not
maintain the chain. However, others play on greed or sympathy to get
you to pass the letter on. The threat often contains official- or
technical-sounding language to get you to believe it is real.
The Request
Finally, the request. Some older chain letters ask you to mail a dollar
to the top ten names on the letter and then pass it on. The electronic
ones simply admonish you to "Distribute this letter to as many people
as possible." They never mention clogging the Internet or the fact that
the message is a fake; they only want you to pass it on to others.
Chain letters usually do not have the name and contact information of
the original sender, so it is impossible to check their authenticity.
Legitimate warnings and solicitations will always have complete contact
information for the person sending the message and will often carry a
cryptographic signature, such as a PGP signature, to assure their
authenticity. Many of the newer chain letters do have a person's name
and contact information, but that person either does not really exist
or does exist but has nothing to do with the hoax message. As mentioned
in the previous section, try to use means other than contacting the
person directly to find out if the message is a hoax. Try the person's
web page, the person's company web page, or this and other hoax sites
first to see if the message has already been declared a hoax.
For example, the PENPAL GREETINGS! hoax shown below appears to be an
attempt to kill an e-mail chain letter. This chain letter is a hoax
because reading a text e-mail message does not execute a virus, nor
does it execute any attachments; therefore the Trojan horse would have
to be self-starting. Aside from the fact that a program cannot start
itself, the Trojan horse would have to know about every different kind
of e-mail program to be able to forward copies of itself to other
people. We have had to modify this statement slightly for the newer
HTML mail readers. If a mail message is formatted with HTML and
contains scripts, those scripts will run when the e-mail message is
read. Active scripting should always be turned off in a mail reader so
that malicious code like the KAK worm cannot run automatically.
Notice the three parts of a chain letter, which are easy to identify in this example.
The Hook
FYI!
Subject: Virus Alert
Importance: High
If anyone receives mail entitled: PENPAL GREETINGS! please delete it WITHOUT reading it. Below is a little explanation of the message, and what it would do to your PC if you were to read the message. If you have any questions or concerns please contact SAF-IA Info Office on 697-5059.
The Threat
This is a warning for all internet users - there is a dangerous virus propagating across the internet through an e-mail message entitled "PENPAL GREETINGS!". DO NOT DOWNLOAD ANY MESSAGE ENTITLED "PENPAL GREETINGS!"
This message appears to be a friendly letter asking you if you are interested in a penpal, but by the time you read this letter, it is too late. The "trojan horse" virus will have already infected the boot sector of your hard drive, destroying all of the data present. It is a self-replicating virus, and once the message is read, it will AUTOMATICALLY forward itself to anyone whose e-mail address is present in YOUR mailbox!
This virus will DESTROY your hard drive, and holds the potential to DESTROY the hard drive of anyone whose mail is in your inbox, and whose mail is in their inbox, and so on. If this virus remains unchecked, it has the potential to do a great deal of DAMAGE to computer networks worldwide!!!! Please, delete the message entitled "PENPAL GREETINGS!" as soon as you see it!
The Request
And pass this message along to all of your friends and relatives, and the other readers of the newsgroups and mailing lists which you are on, so that they are not hurt by this dangerous virus!!!!
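The hook/threat/request pattern and the other signs described above (shouting, no sender contact information, no signature to verify) can be turned into a simple screening script; the Python below is an added example, not code from the original page or from CIAC. The keyword lists are my own assumptions, the PENPAL GREETINGS! sample is reduced from the text quoted above, and the signed-advisory sample is constructed.

```python
import re

# Textual indicators taken from the recognition advice above: a hook, a threat,
# a request to forward, shouting, and missing sender contact information.
HOOK = re.compile(r"virus alert|danger|make money fast|get rich|girl is dying", re.I)
THREAT = re.compile(r"destroy|damage|too late|erase|trashed", re.I)
REQUEST = re.compile(
    r"\b(send|pass|forward|distribute) (this|it)\b.*?"
    r"(everyone|all of your|as many|friends|mailing lists)", re.I | re.S)
SHOUTING = re.compile(r"\b[A-Z]{5,}\b")   # words written in ALL CAPS
EXCLAIM = re.compile(r"!{2,}")             # "!!!!"
EMAIL = re.compile(r"[\w.+-]+@[\w-]+\.[\w.-]+")
PGP_SIGNED = "-----BEGIN PGP SIGNED MESSAGE-----"

def chain_letter_indicators(body: str) -> dict:
    """Return which chain-letter indicators are present in an e-mail body.
    None of these proves anything alone; a PGP block only means there is a
    signature to verify against the issuing team's published public key."""
    # Ignore PGP armor lines so their upper-case headers do not count as shouting.
    text = "\n".join(line for line in body.splitlines() if not line.startswith("-----"))
    return {
        "hook": bool(HOOK.search(text)),
        "threat": bool(THREAT.search(text)),
        "request_to_forward": bool(REQUEST.search(text)),
        "shouting": len(SHOUTING.findall(text)) >= 3 or bool(EXCLAIM.search(text)),
        "no_contact_address": EMAIL.search(text) is None,
        "pgp_signed_block": PGP_SIGNED in body,
    }

def classify(body: str) -> str:
    """Turn the indicators into the advice above: when in doubt, don't send it out."""
    ind = chain_letter_indicators(body)
    full_pattern = ind["hook"] and ind["threat"] and ind["request_to_forward"]
    weak_request = ind["request_to_forward"] and (ind["shouting"] or ind["no_contact_address"])
    if full_pattern or weak_request:
        return "likely hoax or chain letter: do not forward it"
    if ind["pgp_signed_block"]:
        return "signed advisory: verify the signature before acting on it"
    return "undetermined: check with your security team or a hoax site"

# Constructed sample 1: key sentences of the PENPAL GREETINGS! warning quoted above.
PENPAL = """Subject: Virus Alert
If anyone receives mail entitled: PENPAL GREETINGS! please delete it WITHOUT reading it.
The "trojan horse" virus will have already infected the boot sector of your hard drive,
destroying all of the data present. This virus will DESTROY your hard drive!!!!
And pass this message along to all of your friends and relatives, and the other
readers of the newsgroups and mailing lists which you are on!!!!
"""

# Constructed sample 2: the outline of a real, PGP-signed response-team advisory.
ADVISORY = """-----BEGIN PGP SIGNED MESSAGE-----
[EXAMPLE-TEAM] Advisory 00-001: buffer overflow in an example daemon (constructed)
A patch is available from the vendor's web site.
Contact: example-team@example.org
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
"""
```

A match is a reason to check with your security team or a hoax site rather than a verdict, and a PGP block only tells you which team's public key to verify the message against.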
Validating a Warning
CIAC recommends that you DO NOT circulate warnings without first
checking with an authoritative source. Authoritative sources are your
computer system security administrator, your computer incident handling
team, or your antivirus vendor. Real warnings about viruses and other
network problems are issued by computer security response teams (CIAC,
CERT, ASSIST, NASIRC, etc.) and are digitally signed by the sending
team using PGP. If you download a warning from a team's web site or
validate the PGP signature, you can usually be assured that the warning
is real. Warnings without the name of the person sending the original
notice, or warnings with names, addresses and phone numbers that do not
actually exist are probably hoaxes. Warnings about new malicious code
are also available at the antivirus vendors' sites and at the operating
system vendor's site.
Companies like Microsoft will not send out mass e-mails explaining
Budweiser frog screensavers or possible virus threats, and they
certainly do not give out money for beta testing.
What to Do When You Receive a Warning
Upon receiving a warning, you should examine its PGP signature to see
that it is from a real response team or antivirus organization. To do
so, you will need a copy of the PGP software and the public signature
of the team that sent the message. The CIAC signature is available at
the CIAC home page:
http://ciac.llnl.gov/
You can find the addresses of other response teams by connecting to the
FIRST web page at:
http://www.first.org
If there is no PGP signature, check at this and other hoax sites to see
if the warning has already been declared as a hoax. If you do not find
the warning at the hoax sites, it just may mean that we have not yet
seen this particular hoax.
See if the warning includes the name of the person submitting the
original warning. If it does, see if you can determine if the person
really exists. If they do, don't send them an e-mail message. It is
likely that they have nothing to do with this hoax and thousands of
people sending them questions will be just as damaging to them as
sending around the hoax message. Instead, check their personal or
company web site. Often, if a person has been the subject of a hoax,
that hoax message will be debunked on the person's company web site. If you
still cannot determine if a message is real or a hoax, send it to your
computer security manager, your ISP, or your incident response team and
let them validate it.
When in Doubt, Don't Send It Out
In addition, most anti-virus companies have a web page containing
information about most known viruses and hoaxes. You can also call or
check the web site of the company that produces the product that is
supposed to contain the virus. Checking the PKWARE site for the current
releases of PKZip would stop the circulation of the warning about
PKZ300 since there is no released version 3 of PKZip. Other useful
virus and hoax sites are listed on our Other Hoax Sites pages. In most
cases, common sense would eliminate Internet hoaxes.
Why People Send Chain Letters and Hoax Messages
Only the original writer knows the real reason, but some possibilities are:
To gather e-mail addresses to go on a spam list.
To see how far a letter will go.
To harass another person (include an e-mail address and ask everyone to send mail to it; e.g., Michael Knight).
To bilk money out of people using a pyramid scheme.
To kill some other chain letter (e.g. Make Money Fast).
To damage a person's or organization's reputation.
History of Virus Hoaxes
Since 1988, computer virus hoaxes have been circulating on the Internet.
In October of that year, according to Ferbrache (A Pathology of
Computer Viruses, Springer, London, 1992), one of the first virus hoaxes
was the 2400 baud modem virus:
SUBJ: Really Nasty Virus
AREA: GENERAL (1)
I've just discovered probably the world's worst computer virus
yet. I had just finished a late night session of BBS'ing and file
treading when I exited Telix 3 and attempted to run pkxarc to
unarc the software I had downloaded. Next thing I knew my hard
disk was seeking all over and it was apparently writing random
sectors. Thank god for strong coffee and a recent backup.
Everything was back to normal, so I called the BBS again and
downloaded a file. When I went to use ddir to list the directory,
my hard disk was getting trashed again. I tried Procomm Plus TD
and also PC Talk 3. Same results every time. Something was up so I
hooked up to my test equipment and different modems (I do research
and development for a local computer telecommunications company
and have an in-house lab at my disposal). After another hour of
corrupted hard drives I found what I think is the world's worst
computer virus yet. The virus distributes itself on the modem
subcarrier present in all 2400 baud and up modems. The subcarrier is
used for ROM and register debugging purposes only, and otherwise
serves no other purpose. The virus sets a bit pattern in one
of the internal modem registers, but it seemed to screw up the
other registers on my USR. A modem that has been "infected" with
this virus will then transmit the virus to other modems that use a
subcarrier (I suppose those who use 300 and 1200 baud modems
should be immune). The virus then attaches itself to all binary
incoming data and infects the host computer's hard disk. The only
way to get rid of this virus is to completely reset all the modem
registers by hand, but I haven't found a way to vaccinate a modem
against the virus, but there is the possibility of building a
subcarrier filter. I am calling on a 1200 baud modem to enter this
message, and have advised the sysops of the two other boards
(names withheld). I don't know how this virus originated, but I'm
sure it is the work of someone in the computer telecommunications
field such as myself. Probably the best thing to do now is to
stick to 1200 baud until we figure this thing out.
Mike RoChenle
This bogus virus description spawned a humorous alert (even in my own inbox) by Robert Morris III:
Date: 11-31-88 (24:60) Number: 32769
To: ALL Refer#: NONE
From: ROBERT MORRIS III Read: (N/A)
Subj: VIRUS ALERT Status: PUBLIC MESSAGE
Warning: There's a new virus on the loose that's worse than
anything I've seen before! It gets in through the power line,
riding on the powerline 60 Hz subcarrier. It works by changing the
serial port pinouts, and by reversing the direction one's disks
spin. Over 300,000 systems have been hit by it here in Murphy,
West Dakota alone! And that's just in the last 12 minutes.
It attacks DOS, Unix, TOPS-20, Apple-II, VMS, MVS, Multics, Mac,
RSX-11, ITS, TRS-80, and VHS systems.
To prevent the spread of the worm:
1) Don't use the power line.
2) Don't use batteries either, since there are rumours that this
virus has invaded most major battery plants and is infecting the
positive poles of the batteries. (You might try hooking up just
the negative pole.)
3) Don't upload or download files.
4) Don't store files on floppy disks or hard disks.
5) Don't read messages. Not even this one!
6) Don't use serial ports, modems, or phone lines.
7) Don't use keyboards, screens, or printers.
8) Don't use switches, CPUs, memories, microprocessors, or
mainframes.
9) Don't use electric lights, electric or gas heat or air-conditioning, running water, writing, fire, clothing or the wheel.
I'm sure if we are all careful to follow these 9 easy steps, this
virus can be eradicated, and the precious electronic fluids of
our computers can be kept pure.
---RTM III
Since that time virus hoaxes have flooded the Internet. With thousands
of viruses worldwide, virus paranoia in the community has risen to an
extremely high level. It is this paranoia that fuels virus hoaxes. A
good example of this behaviour is the "Good Times" virus hoax, which
started in 1994 and is still circulating on the Internet today. Instead of
spreading from one computer to another by itself, Good Times relies on
people to pass it along.
If you need to forward anything to more than one person, please use the
BCC field, thus breaking the chain. I hate getting these mails from
people, and when I tell them they are fake they never believe me, so I
always have to prove it.